puppet-openvpn icon indicating copy to clipboard operation
puppet-openvpn copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

Fix of deprecation warning

Open amorphina opened this issue 7 years ago • 6 comments

Pull Request (PR) description

Fix of deprecation warning: Warning: The source_permissions parameter is deprecated. Explicitly set owner, group, and mode. (file: .../manifests/ca.pp, line: 127)

This Pull Request (PR) fixes the following issues

Replaced: source_permissions => 'use', With: owner => 'root', mode => '0755',

This is tested on puppet-agent 5.5.7-1 on Ubuntu Xenial, puppetserver 5.3.6-1 Ubuntu Xenial.

amorphina avatar Nov 23 '18 14:11 amorphina

There is a bunch of failing tests because proposed code is not idempotent.

@Dan33l Do you know why though? Does the service automatically chmod some files when it starts or something?

alexjfisher avatar Nov 26 '18 16:11 alexjfisher

@Dan33l Do you know why though? Does the service automatically chmod some files when it starts or something?

@alexjfisher This PR force mode => '0755', and the client key is created by easyrsa with mode 0600 and changed during the second run to 0755. More than idempotency issue, it is safe that a private key use mode 0600 and not 0755.

@amorphina are you yet interested by this PR ?

Dan33l avatar May 15 '19 13:05 Dan33l

@Dan33l I am still interested by it. Can we create a separate file resource to manage the keys directory, something like:

file { "${etc_directory}/openvpn/${name}/easy-rsa/keys" :
  ensure => directory,
  mode   => '0600',
}

This way we will change the mode for all files/dirs to 755 without the keys directory.

Also by default puppet pushes the mode for directories from 6(rw) to 7(rwx), thus the directory ${etc_directory}/openvpn/${name}/easy-rsa/keys will automatically be set to 700, while the files inside it should remain with 600.

amorphina avatar May 16 '19 14:05 amorphina

The source_permissions parameter will be undeprecated : https://tickets.puppetlabs.com/browse/PUP-10253

Dan33l avatar Mar 05 '20 08:03 Dan33l

The source_permissions parameter will be undeprecated : https://tickets.puppetlabs.com/browse/PUP-10253

Has that been agreed?

alexjfisher avatar Mar 06 '20 14:03 alexjfisher

Since status is ACCEPTED, i supposed yes.

And also the comment on ticket i opened : https://tickets.puppetlabs.com/browse/PUP-9332?focusedCommentId=724011&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-724011

Dan33l avatar Mar 06 '20 15:03 Dan33l