st2-packages icon indicating copy to clipboard operation
st2-packages copied to clipboard
verified publisher icon StackStorm

Fix configuration directory and file permissions

Open blag opened this issue 7 years ago • 10 comments

Companion PR to st2#4173.

Fixes configuration directory permissions to 2770 and the configuration file permissions to 660.

Fixes #558 Closes #520 Closes #565

blag avatar Jun 14 '18 23:06 blag

@armab I fixed the issues you pointed out. Let me know if there's anything else I need to fix.

blag avatar Jun 22 '18 00:06 blag

Thanks @blag! The logic LGTM. The only requirement is to test the installer script end-to-end once we'll have the st2 https://github.com/StackStorm/st2/pull/4173 merged.

arm4b avatar Jun 22 '18 16:06 arm4b

@armab Waiting on your approval to merge this.

blag avatar Jun 28 '18 08:06 blag

@blag Per previous discussion, did you end-to-end test this change manually and can confirm working behavior? We need to ensure that it doesn't break anything prior merging.

arm4b avatar Jun 28 '18 11:06 arm4b

@armab @blag We merged st2 change, but not this one so now if you install StackStorm using installer script it will produce warnings by default.

I would say merge that if it's working so we get rid of warnings on a clean installation. Everything needs to be tested end to end though, of course.

Kami avatar Jun 29 '18 08:06 Kami

I will merge it and test it out.

If it doesn't work, I will revert it since we don't want to delay the release any longer.

Kami avatar Jun 29 '18 08:06 Kami

I pushed a fix, yet things are still breaking (38fdd4e6eafdcf6c1417178021bc18fb7af12232). This requires more work.

@blag for future reference, that's how you tested installer script changes from a branch:

wget https://stackstorm.com/packages/install.sh
bash install.sh --user=st2admin --password=Ch@ngeMe --staging --unstable --force-branch=fix-config-permissions

The problem seems to be that st2 login command depends on the config directory and config file to exist.

This means we will probably still need to manually create and chmod directories and config inside the installer script. Either that, or change st2 CLI to create directories and file if they don't exist yet, but that's a lot more involved.

Kami avatar Jun 29 '18 09:06 Kami

Either that, or change st2 CLI to create directories and file if they don't exist yet, but that's a lot more involved.

Agree, that's the point which I'd like us ideally to follow. But it's easier, because st2 login -w CLI can already create config files and dirs if they don't exist yet.

We just need to get rid of all the config/dir paths in scripted installer and let the st2 handle it correctly. This leaves scripted installer with less logic to juggle with which is a good part.

arm4b avatar Jun 29 '18 11:06 arm4b

With this release timing pressure, I've made a change to this PR to have a more simplified & working st2 config behavior in scripted installer. Per quick manual tests it looks ok:

curl -sSL https://stackstorm.com/packages/install.sh | bash -s -- --user=st2admin --password=st2admin --staging --unstable --force-branch=fix-config-permissions

[...]

$ ls -la ~/.st2/
total 16
drwxrws--- 2 vagrant vagrant 4096 Jun 29 16:09 .
drwxr-xr-x 5 vagrant vagrant 4096 Jun 29 16:11 ..
-rw-rw---- 1 vagrant vagrant   55 Jun 29 16:09 config
-rw-rw---- 1 vagrant vagrant   77 Jun 29 16:09 token-st2admin

$ sudo ls -la /root/.st2/
total 16
drwxrws--- 2 root root 4096 Jun 29 16:09 .
drwx------ 5 root root 4096 Jun 29 16:10 ..
-rw-rw---- 1 root root   55 Jun 29 16:09 config
-rw-rw---- 1 root root   77 Jun 29 16:09 token-st2admin

@Kami Please take a look again. @blag Please help to test it end-to-end as there may be corner cases, @Kami provided instructions above.

arm4b avatar Jun 29 '18 16:06 arm4b

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar May 11 '22 11:05 CLAassistant