[chef] Permissions are not being set right.


  • From: Alfredo Palhares < >
  • To: chef < >
  • Subject: [chef] Permissions are not being set right.
  • Date: Wed, 22 Jan 2014 18:54:55 +0100

Hello chefs once more,

I am writing a cookbook[1] and I see the permissions are not being properly 
set for some
weird reason (please refer to the #7-client-recipe branch). Here is a 
kitchen converge.

$ kitchen converge client
kitchen-----> Starting Kitchen (v1.1.1)
-----> Converging <client-centos-64>...
Preparing files for transfer
Resolving cookbook dependencies with Berkshelf...
Removing non-cookbook files before transfer
Preparing data bags
Transfering files to <client-centos-64>
[2014-01-22T17:38:04+00:00] INFO: Starting chef-zero on port 8889 with 
repository at repository at /tmp/kitchen
One version per cookbook

[2014-01-22T17:38:04+00:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 11.8.2
[2014-01-22T17:38:04+00:00] INFO: *** Chef 11.8.2 ***
[2014-01-22T17:38:04+00:00] INFO: Chef-client pid: 3357
[2014-01-22T17:38:04+00:00] INFO: Setting the run_list to 
["recipe[postgresql::server]", "recipe[pgbarman::client]"] from JSON
[2014-01-22T17:38:04+00:00] INFO: Run List is [recipe[postgresql::server], 
recipe[pgbarman::client]]
[2014-01-22T17:38:04+00:00] INFO: Run List expands to [postgresql::server, 
pgbarman::client]
[2014-01-22T17:38:04+00:00] INFO: Starting Chef Run for client-centos-64
[2014-01-22T17:38:04+00:00] INFO: Running start handlers
[2014-01-22T17:38:04+00:00] INFO: Start handlers complete.
[2014-01-22T17:38:04+00:00] INFO: HTTP Request Returned 404 Not Found: Object 
not found: /reports/nodes/client-centos-64/runs
resolving cookbooks for run list: ["postgresql::server", "pgbarman::client"]
[2014-01-22T17:38:05+00:00] INFO: Loading cookbooks [apt, build-essential, 
openssl, pgbarman, postgresql, python, rsync, yum]
Synchronizing Cookbooks:
- postgresql
[2014-01-22T17:38:05+00:00] INFO: Storing updated 
cookbooks/pgbarman/recipes/client.rb in the cache.
- pgbarman
- apt
- build-essential
- openssl
- python
- rsync
- yum
Compiling Cookbooks...
Converging 15 resources
Recipe: postgresql::client
* package[postgresql-devel] action install[2014-01-22T17:38:05+00:00] INFO: 
Processing package[postgresql-devel] action install (postgresql::client line 
36)
(up to date)
Recipe: postgresql::server_redhat
* group[postgres] action create[2014-01-22T17:38:06+00:00] INFO: Processing 
group[postgres] action create (postgresql::server_redhat line 27)
(up to date)
* user[postgres] action create[2014-01-22T17:38:06+00:00] INFO: Processing 
user[postgres] action create (postgresql::server_redhat line 31)
(up to date)
* directory[/var/lib/pgsql/data] action create[2014-01-22T17:38:06+00:00] 
INFO: Processing directory[/var/lib/pgsql/data] action create 
(postgresql::server_redhat line 41)
(up to date)
* package[postgresql-server] action install[2014-01-22T17:38:06+00:00] INFO: 
Processing package[postgresql-server] action install 
(postgresql::server_redhat line 50)
(up to date)
* template[/etc/sysconfig/pgsql/postgresql] action 
create[2014-01-22T17:38:06+00:00] INFO: Processing 
template[/etc/sysconfig/pgsql/postgresql] action create 
(postgresql::server_redhat line 54)
(up to date)
* execute[/sbin/service postgresql initdb ] action 
run[2014-01-22T17:38:06+00:00] INFO: Processing execute[/sbin/service 
postgresql initdb ] action run (postgresql::server_redhat line 62)
(skipped due to not_if)
* service[postgresql] action enable[2014-01-22T17:38:06+00:00] INFO: 
Processing service[postgresql] action enable (postgresql::server_redhat line 
68)
(up to date)
* service[postgresql] action start[2014-01-22T17:38:07+00:00] INFO: 
Processing service[postgresql] action start (postgresql::server_redhat line 
68)
(up to date)
Recipe: postgresql::server
* template[/var/lib/pgsql/data/postgresql.conf] action 
create[2014-01-22T17:38:07+00:00] INFO: Processing 
template[/var/lib/pgsql/data/postgresql.conf] action create 
(postgresql::server line 62)
(up to date)
* template[/var/lib/pgsql/data/pg_hba.conf] action 
create[2014-01-22T17:38:07+00:00] INFO: Processing 
template[/var/lib/pgsql/data/pg_hba.conf] action create (postgresql::server 
line 70)
(up to date)
* bash[assign-postgres-password] action run[2014-01-22T17:38:07+00:00] INFO: 
Processing bash[assign-postgres-password] action run (postgresql::server line 
86)
ALTER ROLE
[2014-01-22T17:38:07+00:00] INFO: bash[assign-postgres-password] ran 
successfully

- execute "bash"  "/tmp/chef-script20140122-3357-vfelon"


Recipe: pgbarman::client
* user[barman] action create[2014-01-22T17:38:07+00:00] INFO: Processing 
user[barman] action create (pgbarman::client line 8)
(up to date)
* directory[/home/barman/.ssh] action create[2014-01-22T17:38:07+00:00] INFO: 
Processing directory[/home/barman/.ssh] action create (pgbarman::client line 
15)
[2014-01-22T17:38:07+00:00] INFO: directory[/home/barman/.ssh] mode changed 
to 640

- change mode from '0600' to '0640'

- restore selinux security context

* file[/home/barman/.ssh/id_rsa] action create[2014-01-22T17:38:07+00:00] 
INFO: Processing file[/home/barman/.ssh/id_rsa] action create 
(pgbarman::client line 21)
[2014-01-22T17:38:07+00:00] INFO: file[/home/barman/.ssh/id_rsa] mode changed 
to 640

- change mode from '0600' to '0640'

- restore selinux security context


* file[/home/barman/.ssh/authozized_keys] action 
create[2014-01-22T17:38:07+00:00] INFO: Processing 
file[/home/barman/.ssh/authozized_keys] action create (pgbarman::client line 
28)
[2014-01-22T17:38:07+00:00] INFO: file[/home/barman/.ssh/authozized_keys] 
mode changed to 640

- change mode from '0600' to '0640'

- restore selinux security context

[2014-01-22T17:38:07+00:00] INFO: Chef Run complete in 2.940750803 seconds
[2014-01-22T17:38:07+00:00] INFO: Running report handlers
[2014-01-22T17:38:07+00:00] INFO: Report handlers complete
Chef Client finished, 4 resources updated
Finished converging <client-centos-64> (0m10.74s).

It all seems fine but:

$ kitchen login client
kitchenLast login: Wed Jan 22 17:38:03 2014 from 10.0.2.2

 ~]$ sudo -s

 vagrant]# su - barman

 ~]$ ls

 ~]$ ls -als
total 28
4 drwx------. 3 barman barman 4096 Jan 22 17:37 .
4 drwxr-xr-x. 4 root   root   4096 Jan 22 17:36 ..
4 -rw-------. 1 barman barman   97 Jan 22 17:37 .bash_history
4 -rw-r--r--. 1 barman barman   18 Feb 21  2013 .bash_logout
4 -rw-r--r--. 1 barman barman  176 Feb 21  2013 .bash_profile
4 -rw-r--r--. 1 barman barman  124 Feb 21  2013 .bashrc
4 drw-r-----. 2 barman barman 4096 Jan 22 17:36 .ssh

 ~]$ cd .ssh/
-bash: cd: .ssh/: Permission denied

What gives with this? If I had a bash block with chown -R barman:barman .ssh I 
can access the directory.

Is it the directory block? Am I doing something wrong?


[1] https://github.com/geoforce/cookbook-pgbarman/tree/%237-client-recipe

--
Regards,
Alfredo Palhares
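
The `ls -als` listing above shows `.ssh` as `drw-r-----` (mode 0640), which has no search (x) bit for the owner, and the log sets `id_rsa` to 0640 as well. The Ruby snippet below is an added example, not part of the original post or the cookbook: it decodes those modes and reports what each one implies. The helper names and the `:private_key` label are hypothetical.

```ruby
# Added example (not from the original post); helper names are hypothetical.

# Convert an ls-style mode string such as "drw-r-----." into [kind, mode].
# Only the nine rwx permission bits are decoded; setuid/setgid/sticky are ignored.
def parse_ls_mode(str)
  kind = { 'd' => :directory, '-' => :file }.fetch(str[0], :other)
  bits = str[1, 9]
  raise ArgumentError, "bad mode string: #{str.inspect}" unless bits =~ /\A[rwxsStT-]{9}\z/

  mode = 0
  bits.each_char.with_index do |ch, i|
    # '-' means the bit is clear; 'S'/'T' mean a special bit without execute.
    mode |= (1 << (8 - i)) unless ['-', 'S', 'T'].include?(ch)
  end
  [kind, mode]
end

# Return a list of findings for one path. kind is :directory, :file or
# :private_key (the last is a label chosen for this example).
def audit_mode(kind, mode)
  findings = []
  if kind == :directory && (mode & 0o100).zero?
    findings << 'owner lacks search (x) bit: cd and file access inside fail'
  end
  if kind == :private_key && (mode & 0o077) != 0
    findings << 'group/other bits set: ssh rejects the key as too open'
  end
  findings
end

# Constructed sample: modes copied from the log and ls output above,
# plus a conventional 0700 directory for comparison.
SAMPLES = [
  ['/home/barman/.ssh', *parse_ls_mode('drw-r-----.')],
  ['/home/barman/.ssh/id_rsa', :private_key, 0o640],
  ['/home/barman/.ssh (mode 0700)', :directory, 0o700]
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |path, kind, mode|
    issues = audit_mode(kind, mode)
    puts format('%-32s %04o  %s', path, mode, issues.empty? ? 'ok' : issues.join('; '))
  end
end
```
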


