Bug 747388 - Add ACLs to be managed by puppet as specified in the top level README
Status: RESOLVED FIXED
Product: sysadmin
Classification: Infrastructure
Component: Apprentices
Version: unspecified
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: GNOME Sysadmins
Reported: 2015-04-06 01:40 UTC by Peter Baumgarten
Modified: 2015-04-25 00:03 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
The patch mentioned in the description (118.71 KB, patch)
2015-04-06 01:40 UTC, Peter Baumgarten
Updated patch (117.79 KB, patch)
2015-04-18 22:36 UTC, Peter Baumgarten

Description Peter Baumgarten 2015-04-06 01:40:30 UTC
Created attachment 300996
The patch mentioned in the description

The top level README says that ACLs must be manually entered in case of a server migration.
-------------------------------------------------------------------------
Please run the following commands to fix that in case of a server's migration:

 sudo setfacl -Rdm g:root:rwx /etc/puppet
 sudo setfacl -Rdm u:root:rwx /etc/puppet
 sudo setfacl -Rdm o::r /etc/puppet

 Sadly Puppet doesn't support ACLs on its file type attribute, thus the need to execute these
 commands manually.
------------------------------------------------------------------------
I used the exec resource as a workaround for Puppet to manage the ACLs.
Comment 1 Andrea Veri 2015-04-07 13:57:03 UTC
Hey Peter! We do have an ACL puppet class for handling acls [1], mind submitting the patch again having in mind you can use it and not the exec resource?
Comment 2 Peter Baumgarten 2015-04-10 04:54:30 UTC
Will do.  Thank you for your patience.
Comment 3 Peter Baumgarten 2015-04-18 22:36:31 UTC
Created attachment 301915
Updated patch

Only has user and group acl not other.
Comment 4 Andrea Veri 2015-04-21 12:27:19 UTC
Merged [1]. A few notes though:

 1. Make sure the call to the function is correctly specified. [2]
 2. Make sure to follow the Puppet guidelines listed at [3] (puppet-lint's use is suggested)
 3. Make sure to not name the resource call with the same name (previously $name was set to be $id on the acl class, I fixed that as multiple calls to the acl functions were going to collide when used on the same manifest [4])
 4. The relevant file for including the change was modules/puppet/master.pp as that's where /etc/puppet usually resides

Thanks for your contribution!

[1] https://infrastructure.gnome.org/browse/puppet/commit/?id=133da7714e0ee9eee3cc5a1ea9efeb98fc37d1a7
[2] https://infrastructure.gnome.org/browse/puppet/tree/modules/puppet/manifests/master.pp?id=c5df27abf540982481357db663d78cac227e95f9#n115
[3] https://wikitech.wikimedia.org/wiki/Puppet_coding#Coding_Style
[4] https://infrastructure.gnome.org/browse/puppet/commit/?id=c5df27abf540982481357db663d78cac227e95f9
Comment 5 Peter Baumgarten 2015-04-25 00:03:59 UTC
Thank you for your feedback
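
A drift check for the three default ACL entries that the README's `setfacl -Rdm` commands create, as an added example that is not part of this bug report or the GNOME puppet repository. It reads `getfacl` output for one directory on stdin; the function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Entries created by the README's three `setfacl -Rdm` commands on /etc/puppet.
EXPECTED='default:user:root:rwx
default:group:root:rwx
default:other::r--'

# Reads `getfacl` text for ONE directory on stdin, prints each expected
# default entry that is absent, and returns 1 if anything is missing.
# A line carrying an "#effective:" note (the mask is narrowing it) is kept
# as-is, so it fails the exact match and is reported as missing as well.
missing_default_acls() {
    acl=$(sed -e '/^#/d' -e 's/[[:space:]]*$//' -e '/^$/d')
    rc=0
    for entry in $EXPECTED; do
        if ! printf '%s\n' "$acl" | grep -Fxq -- "$entry"; then
            printf '%s\n' "$entry"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a directory after all three README commands were run.
SAMPLE_OK='# file: /etc/puppet
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:group:root:rwx
default:mask::rwx
default:other::r--'

# Constructed sample: no group:root default, and "other" is wider than r--.
SAMPLE_DRIFT='# file: /etc/puppet
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:mask::rwx
default:other::r-x'

printf '%s\n' "$SAMPLE_DRIFT" | missing_default_acls || echo "default ACL drift detected"
```

On a live host the input would come from `getfacl -p /etc/puppet`; because `-R` output lists many paths, feed the function one directory at a time.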