search

voxpupuli / puppet-gitlab

Puppet module to manage Gitlab (Omnibus)
https://forge.puppet.com/puppet/gitlab/
BSD 3-Clause "New" or "Revised" License
74 stars 164 forks source link

backup archive permissions are interpreted as octal value #409

Open NiklausHofer opened 1 year ago

NiklausHofer commented 1 year ago

I am trying to set the configuration backup_archive_permissions option.

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce

Hiera code:

gitlab::gitlab_rails:
  backup_archive_permissions: '0640'

What are you seeing

Because of how Puppet handles numbers prefixed with a 0, this gets converted to 416 when writing the gitlab.rb configuration file, like so:

gitlab_rails['backup_archive_permissions'] = 416

What behaviour did you expect instead

gitlab_rails['backup_archive_permissions'] = 0640

Output log

Notice: /Stage[main]/Gitlab::Omnibus_config/File[/etc/gitlab/gitlab.rb]/content: 
--- /etc/gitlab/gitlab.rb   2023-05-04 15:08:08.920813631 +0200
+++ /tmp/puppet-file20230504-1553-19g72ee   2023-05-04 15:17:57.500392789 +0200
@@ -12,7 +12,7 @@
 # gitlab.yml configuration #
 ############################

-gitlab_rails['backup_archive_permissions'] = 0640
+gitlab_rails['backup_archive_permissions'] = 416
 gitlab_rails['backup_keep_time'] = 604800
 gitlab_rails['backup_path'] = "/var/backup/gitlab"
 gitlab_rails['gitlab_email_display_name'] = "GitLab"

Notice: /Stage[main]/Gitlab::Omnibus_config/File[/etc/gitlab/gitlab.rb]/content: 
--- /etc/gitlab/gitlab.rb   2023-05-04 15:08:08.920813631 +0200
+++ /tmp/puppet-file20230504-1553-1am5um9   2023-05-04 15:17:57.523392655 +0200
@@ -12,7 +12,7 @@
 # gitlab.yml configuration #
 ############################

-gitlab_rails['backup_archive_permissions'] = 0640
+gitlab_rails['backup_archive_permissions'] = 416
 gitlab_rails['backup_keep_time'] = 604800
 gitlab_rails['backup_path'] = "/var/backup/gitlab"
 gitlab_rails['gitlab_email_display_name'] = "GitLab"

Notice: /Stage[main]/Gitlab::Omnibus_config/File[/etc/gitlab/gitlab.rb]/content: current_value '{md5}fccc1e89d7375aa553d2fe5f6593c1b0', should be '{md5}f8c7e2c18bcc1591e9357686553446c2' (noop) (corrective)
kenyon commented 1 year ago

If you're quoting it in hiera, then it's a string. I think the problem is the ERB template, the decorate method in particular. #146 appears to be a report about this same problem. I bet if the template were converted to EPP, the problem would go away.

NiklausHofer commented 1 year ago

I have tried both quoted and not quoted, it's the same result either way.

Funnily enough though, we have since figured out that 416 actually works. From what we have been able to find out, the preceding 0 is interpreted by GitLab not as part of the permissions, but as an indicator that the following number is octal. So if a decimal number is entered, GitLab will first convert it to octal.

So what happens is, I enter 0640, which is then converted from octal to binary by Puppet and written into the configuration as 416. GitLab then sees that and converts it back to octal.

Pretty ugly, but it works...

kenyon commented 1 year ago

Yeah, the numerical value is the same regardless of the radix. So I guess this is more of a cosmetic problem. Still would be good to convert the template to EPP.