puppet-gitlab
puppet-gitlab copied to clipboard
voxpupuli
backup archive permissions are interpreted as octal value
I am trying to set the configuration backup_archive_permissions option.
Affected Puppet, Ruby, OS and module versions/distributions
- Puppet: All versions on all operating systems.
How to reproduce
Hiera code:
gitlab::gitlab_rails:
backup_archive_permissions: '0640'
What are you seeing
Because of how Puppet handles numbers prefixed with a 0, this gets converted to 416 when writing the gitlab.rb configuration file, like so:
gitlab_rails['backup_archive_permissions'] = 416
What behaviour did you expect instead
gitlab_rails['backup_archive_permissions'] = 0640
Output log
Notice: /Stage[main]/Gitlab::Omnibus_config/File[/etc/gitlab/gitlab.rb]/content:
--- /etc/gitlab/gitlab.rb 2023-05-04 15:08:08.920813631 +0200
+++ /tmp/puppet-file20230504-1553-19g72ee 2023-05-04 15:17:57.500392789 +0200
@@ -12,7 +12,7 @@
# gitlab.yml configuration #
############################
-gitlab_rails['backup_archive_permissions'] = 0640
+gitlab_rails['backup_archive_permissions'] = 416
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = "/var/backup/gitlab"
gitlab_rails['gitlab_email_display_name'] = "GitLab"
Notice: /Stage[main]/Gitlab::Omnibus_config/File[/etc/gitlab/gitlab.rb]/content:
--- /etc/gitlab/gitlab.rb 2023-05-04 15:08:08.920813631 +0200
+++ /tmp/puppet-file20230504-1553-1am5um9 2023-05-04 15:17:57.523392655 +0200
@@ -12,7 +12,7 @@
# gitlab.yml configuration #
############################
-gitlab_rails['backup_archive_permissions'] = 0640
+gitlab_rails['backup_archive_permissions'] = 416
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = "/var/backup/gitlab"
gitlab_rails['gitlab_email_display_name'] = "GitLab"
Notice: /Stage[main]/Gitlab::Omnibus_config/File[/etc/gitlab/gitlab.rb]/content: current_value '{md5}fccc1e89d7375aa553d2fe5f6593c1b0', should be '{md5}f8c7e2c18bcc1591e9357686553446c2' (noop) (corrective)
If you're quoting it in hiera, then it's a string. I think the problem is the ERB template, the decorate method in particular. #146 appears to be a report about this same problem. I bet if the template were converted to EPP, the problem would go away.
I have tried both quoted and not quoted, it's the same result either way.
Funnily enough though, we have since figured out that 416 actually works. From what we have been able to find out, the preceding 0 is interpreted by GitLab not as part of the permissions, but as an indicator that the following number is octal. So if a decimal number is entered, GitLab will first convert it to octal.
So what happens is, I enter 0640, which is then converted from octal to binary by Puppet and written into the configuration as 416. GitLab then sees that and converts it back to octal.
Pretty ugly, but it works...
Yeah, the numerical value is the same regardless of the radix. So I guess this is more of a cosmetic problem. Still would be good to convert the template to EPP.