Permissions for environments created by the webhook are incorrect

rnelson0 commented 9 years ago

The permissions I get for an environment I deploy my hand with r10k are 0644 (0755 for dirs); when the webhook deploys they are 0666 (0777 for dirs). The hook is not respecting root's umask and there appears to be no way to set the umask.

# By hand:
[root@puppet ~]# r10k deploy environment hi377
[root@puppet ~]# ls -la /etc/puppet/environments/hi377/dist/profile/manifests/
total 68
drwxr-xr-x. 4 root root 4096 Jun 12 17:58 .
drwxr-xr-x. 7 root root 4096 Jun 12 17:58 ..
-rw-r--r--. 1 root root  302 Jun 12 17:58 apache.pp
-rw-r--r--. 1 root root 1208 Jun 12 17:58 base.pp
-rw-r--r--. 1 root root  890 Jun 12 17:58 build.pp
-rw-r--r--. 1 root root  684 Jun 12 17:58 dhcp.pp
-rw-r--r--. 1 root root  621 Jun 12 17:58 dns.pp
-rw-r--r--. 1 root root  230 Jun 12 17:58 hiera.pp
drwxr-xr-x. 2 root root 4096 Jun 12 17:58 linuxfw
-rw-r--r--. 1 root root  462 Jun 12 17:58 linuxfw.pp
drwxr-xr-x. 2 root root 4096 Jun 12 17:58 mysql
-rw-r--r--. 1 root root  228 Jun 12 17:58 params.pp
-rw-r--r--. 1 root root 1656 Jun 12 17:58 phpmyadmin.pp
-rw-r--r--. 1 root root  239 Jun 12 17:58 puppetdb.pp
-rw-r--r--. 1 root root  600 Jun 12 17:58 puppet_master.pp
-rw-r--r--. 1 root root 1897 Jun 12 17:58 sshgw.pp
-rw-r--r--. 1 root root  329 Jun 12 17:58 yumrepo.pp

# By webhook:
[root@puppet ~]# ls -la /etc/puppet/environments/hi377/dist/profile/manifests/
total 68
drwxrwxrwx. 4 root root 4096 Jun  6 12:28 .
drwxrwxrwx. 7 root root 4096 Jun  6 12:25 ..
-rw-rw-rw-. 1 root root  302 Jun  6 12:25 apache.pp
-rw-rw-rw-. 1 root root 1208 Jun  6 12:28 base.pp
-rw-rw-rw-. 1 root root  890 Jun  6 12:25 build.pp
-rw-rw-rw-. 1 root root  684 Jun  6 12:25 dhcp.pp
-rw-rw-rw-. 1 root root  621 Jun  6 12:25 dns.pp
-rw-rw-rw-. 1 root root  230 Jun  6 12:25 hiera.pp
drwxrwxrwx. 2 root root 4096 Jun  6 12:25 linuxfw
-rw-rw-rw-. 1 root root  462 Jun  6 12:25 linuxfw.pp
drwxrwxrwx. 2 root root 4096 Jun  6 12:25 mysql
-rw-rw-rw-. 1 root root  228 Jun  6 12:25 params.pp
-rw-rw-rw-. 1 root root 1656 Jun  6 12:25 phpmyadmin.pp
-rw-rw-rw-. 1 root root  239 Jun  6 12:25 puppetdb.pp
-rw-rw-rw-. 1 root root  600 Jun  6 12:25 puppet_master.pp
-rw-rw-rw-. 1 root root 1897 Jun  6 12:25 sshgw.pp
-rw-rw-rw-. 1 root root  329 Jun  6 12:25 yumrepo.pp

Here is my r10k configuration and parameters via yaml:

  include ::r10k
  include ::r10k::webhook::config
  include ::r10k::webhook
  Class['r10k::webhook::config'] -> Class['r10k::webhook']

r10k::version: '1.5.1'
r10k::sources:
  puppet:
    remote: 'git@github.com:rnelson0/controlrepo.git'
    basedir: '/etc/puppet/environments'
    prefix: false
r10k::manage_modulepath: false
r10k::webhook::config::use_mcollective: false
r10k::webhook::config::public_key_path: '/etc/mcollective/server_public.pem'
r10k::webhook::config::private_key_path: '/etc/mcollective/server_private.pem'
r10k::webhook::user: 'root'
r10k::webhook::group: 0

If there is some option I am missing, let me know and I can retest.

rnelson0 commented 9 years ago

And how could I forget the umask

[root@puppet ~]# umask
0022

tampakrap commented 9 years ago

I am having the same problem but with 777. Workaround is to set r10k::webhook::config::command_prefix: 'umask 0022;'

acidprime commented 9 years ago

I know this is an issue not sure the best way to fix atm

rnelson0 commented 9 years ago

I upgraded to 2.8.2 and now my environments are built with the right perms. I also noticed changes to the logging format which is awesome. Thanks so much!

On Wednesday, July 29, 2015, Zack Smith notifications@github.com wrote:

Closed #191 https://github.com/acidprime/r10k/issues/191 via 41d6cfd https://github.com/acidprime/r10k/commit/41d6cfdd63d7c9fe833b55f688fb3fabc021b4bb .

— Reply to this email directly or view it on GitHub https://github.com/acidprime/r10k/issues/191#event-368917627.

Rob Nelson rnelson0@gmail.com

voxpupuli / puppet-r10k

Permissions for environments created by the webhook are incorrect #191