From a85ffd577c1fcbd2ebf76aa187f03f8840953a2f Mon Sep 17 00:00:00 2001 From: Ceriath Date: Fri, 7 Jan 2022 15:11:36 +0100 Subject: [PATCH] fix file ownerships --- manifests/daemon.pp | 17 ++++++++++------- manifests/ipsec_exporter.pp | 3 +++ manifests/nginx_prometheus_exporter.pp | 7 +++++++ manifests/postgres_exporter.pp | 7 +++++++ manifests/pushprox_client.pp | 1 + manifests/redis_exporter.pp | 7 +++++++ spec/defines/daemon_spec.rb | 2 -- 7 files changed, 35 insertions(+), 9 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index d3ea8d90d..4329d4799 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -72,7 +72,8 @@ Stdlib::Absolutepath $env_file_path = $prometheus::env_file_path, Optional[String[1]] $extract_command = $prometheus::extract_command, Stdlib::Absolutepath $extract_path = '/opt', - Stdlib::Absolutepath $archive_bin_path = "/opt/${name}-${version}.${os}-${arch}/${name}", + Stdlib::Absolutepath $install_path = "/opt/${name}-${version}.${os}-${arch}", + Stdlib::Absolutepath $archive_bin_path = "${install_path}/${name}", Boolean $export_scrape_job = false, Stdlib::Host $scrape_host = $facts['networking']['fqdn'], Optional[Stdlib::Port] $scrape_port = undef, @@ -83,17 +84,17 @@ case $install_method { 'url': { if $download_extension == '' { - file { "/opt/${name}-${version}.${os}-${arch}": + file { $install_path: ensure => directory, owner => 'root', group => 0, # 0 instead of root because OS X uses "wheel". mode => '0755', } - -> archive { "/opt/${name}-${version}.${os}-${arch}/${name}": + -> archive { $archive_bin_path: ensure => present, source => $real_download_url, checksum_verify => false, - before => File["/opt/${name}-${version}.${os}-${arch}/${name}"], + before => File[$archive_bin_path], } } else { archive { "/tmp/${name}-${version}.${download_extension}": @@ -108,9 +109,11 @@ extract_command => $extract_command, } } - file { $archive_bin_path: - owner => 'root', - group => 0, # 0 instead of root because OS X uses "wheel". + exec { "/bin/chown root:0 -R ${install_path}": + command => "/bin/chown root:0 -R ${install_path}", # 0 instead of root because OS X uses "wheel". + onlyif => "/usr/bin/test `/usr/bin/stat -c '%U' ${archive_bin_path}` != 'root'", + } + -> file { $archive_bin_path: mode => '0555', } -> file { "${bin_dir}/${name}": diff --git a/manifests/ipsec_exporter.pp b/manifests/ipsec_exporter.pp index 6f4b20c66..ff548c8e3 100644 --- a/manifests/ipsec_exporter.pp +++ b/manifests/ipsec_exporter.pp @@ -79,10 +79,12 @@ if versioncmp ($version, '0.3.2') >= 0 { $release = $version $archive_bin_path = undef # use default + $install_path = undef # use default } else { $release = "v${version}" $archive_bin_path = "/opt/ipsec_exporter-v${version}.${os}-${arch}" + $install_path = "/opt/ipsec_exporter-v${version}.${os}-${arch}" } $real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${release}.${os}-${arch}.${download_extension}") @@ -100,6 +102,7 @@ real_download_url => $real_download_url, bin_dir => $bin_dir, archive_bin_path => $archive_bin_path, + install_path => $install_path, notify_service => $notify_service, package_name => $package_name, package_ensure => $package_ensure, diff --git a/manifests/nginx_prometheus_exporter.pp b/manifests/nginx_prometheus_exporter.pp index 33f8cd94d..653db4771 100644 --- a/manifests/nginx_prometheus_exporter.pp +++ b/manifests/nginx_prometheus_exporter.pp @@ -114,6 +114,13 @@ creates => "${install_dir}/${package_name}", cleanup => true, } + -> exec { "/bin/chown root:0 -R ${install_dir}": + command => "/bin/chown root:0 -R ${install_dir}", + onlyif => "/usr/bin/test `/usr/bin/stat -c '%U' ${install_dir}/${service_name}` != 'root'", + } + -> file { "${install_dir}/${service_name}": + mode => '0555', + } -> file { "${bin_dir}/${package_name}": ensure => link, notify => $notify_service, diff --git a/manifests/postgres_exporter.pp b/manifests/postgres_exporter.pp index 36c323b59..b72b176d7 100644 --- a/manifests/postgres_exporter.pp +++ b/manifests/postgres_exporter.pp @@ -149,6 +149,13 @@ creates => "${install_dir}/${service_name}", cleanup => true, } + -> exec { "/bin/chown root:0 -R ${install_dir}": + command => "/bin/chown root:0 -R ${install_dir}", + onlyif => "/usr/bin/test `/usr/bin/stat -c '%U' ${install_dir}/${service_name}` != 'root'", + } + -> file { "${install_dir}/${service_name}": + mode => '0555', + } -> file { "${bin_dir}/${service_name}": ensure => link, notify => $notify_service, diff --git a/manifests/pushprox_client.pp b/manifests/pushprox_client.pp index dd621b743..a471e7021 100644 --- a/manifests/pushprox_client.pp +++ b/manifests/pushprox_client.pp @@ -91,6 +91,7 @@ version => $version, download_extension => $download_extension, archive_bin_path => "/opt/PushProx-${version}.${os}-${arch}/pushprox-client", + install_path => "/opt/PushProx-${version}.${os}-${arch}", os => $os, arch => $arch, real_download_url => $real_download_url, diff --git a/manifests/redis_exporter.pp b/manifests/redis_exporter.pp index 39e87c927..5ece2cdef 100644 --- a/manifests/redis_exporter.pp +++ b/manifests/redis_exporter.pp @@ -120,6 +120,13 @@ creates => "${install_dir}/${service_name}", cleanup => true, } + -> exec { "/bin/chown root:0 -R ${install_dir}": + command => "/bin/chown root:0 -R ${install_dir}", + onlyif => "/usr/bin/test `/usr/bin/stat -c '%U' ${install_dir}/${service_name}` != 'root'", + } + -> file { "${install_dir}/${service_name}": + mode => '0555', + } -> file { "${bin_dir}/${service_name}": ensure => link, notify => $notify_service, diff --git a/spec/defines/daemon_spec.rb b/spec/defines/daemon_spec.rb index aa6da47c1..2224b2ee2 100644 --- a/spec/defines/daemon_spec.rb +++ b/spec/defines/daemon_spec.rb @@ -58,8 +58,6 @@ it { expect(subject).to contain_file("/opt/smurf_exporter-#{parameters[:version]}.#{prom_os}-#{prom_arch}/smurf_exporter").with( - 'owner' => 'root', - 'group' => 0, 'mode' => '0555' ) }