Permissions of deployed files and keep node.id #270
Conversation
| secure_create_file(node_file_path, PRESTO_STANDALONE_USER_GROUP) | ||
| if not exists(node_file_path, use_sudo=True): | ||
| secure_create_file(node_file_path, PRESTO_STANDALONE_USER_GROUP, mode=644) | ||
| else: |
There was a problem hiding this comment.
we need to do this because the rpm doesn't set up the config files with correct ownership (see Teradata/presto#358)
| missing_owner_code = 42 | ||
| command = \ | ||
| "( getent passwd {user} >/dev/null || exit {missing_owner_code} ) &&" \ | ||
| " mkdir -p {filepath} && " \ |
There was a problem hiding this comment.
Can you put the space at the beginning of this line at the end of the line above?
| @@ -118,6 +118,26 @@ def secure_create_file(filepath, user_group, mode=600): | |||
| abort("Failed to securely create file %s" % (filepath)) | |||
|
|
|||
|
|
|||
| def secure_create_directory(filepath, user_group, mode=755): | |||
There was a problem hiding this comment.
I thought the directory had to have permissions 644. Why is the default 755?
There was a problem hiding this comment.
it should have 755 permissions so that it is traversable. I'll fix the commit message
| result = sudo(command) | ||
| if result.return_code == missing_owner_code: | ||
| abort("User %s does not exist. Make sure the Presto server RPM " | ||
| "is installed and try again" % (user,)) |
There was a problem hiding this comment.
In (user,) what's the comma for? Is it required?
There was a problem hiding this comment.
The comma makes this a tuple, but I'll change this to not be a tuple. when only one argument is needed to % operator, you don't need a tuple
| @@ -269,6 +269,13 @@ def assert_config_perms(self, host, filepath): | |||
| self.assert_file_perm_owner( | |||
| host, filepath, '-rw-------', 'presto', 'presto') | |||
|
|
|||
| def assert_directory_perm_owner(self, host, filepath, permissions, owner, group): | |||
| ls = self.cluster.exec_cmd_on_host(host, "ls -l -d %s" % (filepath,)) | |||
There was a problem hiding this comment.
Same question about the comma here as well.
| @@ -41,7 +42,7 @@ | |||
|
|
|||
| def deploy_files(filenames, local_dir, remote_dir, user_group, mode=0600): | |||
There was a problem hiding this comment.
Please comment explaining why the mode for connectors is different than for regular config now that they're different.
| @@ -267,8 +267,19 @@ def get_file_content(self, host, filepath): | |||
|
|
|||
| def assert_config_perms(self, host, filepath): | |||
| self.assert_file_perm_owner( | |||
| host, filepath, '-rw-r--r--', 'presto', 'presto') | |||
|
|
|||
| def assert_connnector_perms(self, host, filepath): | |||
| host, filepath, '-rw-------', 'presto', 'presto') | ||
|
|
||
| def assert_directory_perm_owner(self, host, filepath, permissions, owner, group): | ||
| ls = self.cluster.exec_cmd_on_host(host, "ls -l -d %s" % (filepath,)) |
There was a problem hiding this comment.
Everything but the ls command is the same in this and assert_file_perm_owner. Please consolidate.
| def assert_directory_perm_owner(self, host, filepath, permissions, owner, group): | ||
| ls = self.cluster.exec_cmd_on_host(host, "ls -l -d %s" % (filepath,)) | ||
| fields = ls.split() | ||
| self.assertEqual(fields[0], permissions) |
There was a problem hiding this comment.
we should probably assert that the expected perms includes the 'd' or 'l' at the beginning or there's no way the perms are going to match. This assertion will fail, but it's misleading because it's the expected value that's totally bogus.
There was a problem hiding this comment.
Actually, let's not worry about symlinks for now...
| @@ -118,6 +118,26 @@ def secure_create_file(filepath, user_group, mode=600): | |||
| abort("Failed to securely create file %s" % (filepath)) | |||
|
|
|||
|
|
|||
| def secure_create_directory(filepath, user_group, mode=755): | |||
There was a problem hiding this comment.
it should have 755 permissions so that it is traversable. I'll fix the commit message
| missing_owner_code = 42 | ||
| command = \ | ||
| "( getent passwd {user} >/dev/null || exit {missing_owner_code} ) &&" \ | ||
| " mkdir -p {filepath} && " \ |
| result = sudo(command) | ||
| if result.return_code == missing_owner_code: | ||
| abort("User %s does not exist. Make sure the Presto server RPM " | ||
| "is installed and try again" % (user,)) |
There was a problem hiding this comment.
The comma makes this a tuple, but I'll change this to not be a tuple. when only one argument is needed to % operator, you don't need a tuple
| @@ -269,6 +269,13 @@ def assert_config_perms(self, host, filepath): | |||
| self.assert_file_perm_owner( | |||
| host, filepath, '-rw-------', 'presto', 'presto') | |||
|
|
|||
| def assert_directory_perm_owner(self, host, filepath, permissions, owner, group): | |||
| ls = self.cluster.exec_cmd_on_host(host, "ls -l -d %s" % (filepath,)) | |||
| def assert_directory_perm_owner(self, host, filepath, permissions, owner, group): | ||
| ls = self.cluster.exec_cmd_on_host(host, "ls -l -d %s" % (filepath,)) | ||
| fields = ls.split() | ||
| self.assertEqual(fields[0], permissions) |
| @@ -267,8 +267,19 @@ def get_file_content(self, host, filepath): | |||
|
|
|||
| def assert_config_perms(self, host, filepath): | |||
| self.assert_file_perm_owner( | |||
| host, filepath, '-rw-r--r--', 'presto', 'presto') | |||
|
|
|||
| def assert_connnector_perms(self, host, filepath): | |||
| @@ -41,7 +42,7 @@ | |||
|
|
|||
| def deploy_files(filenames, local_dir, remote_dir, user_group, mode=0600): | |||
| host, filepath, '-rw-------', 'presto', 'presto') | ||
|
|
||
| def assert_directory_perm_owner(self, host, filepath, permissions, owner, group): | ||
| ls = self.cluster.exec_cmd_on_host(host, "ls -l -d %s" % (filepath,)) |
rschlussel-zz
force-pushed
the
deploy
branch
2 times, most recently
from
c553b77 to
ae6d73d
Compare
The catalog directory should be owned by presto:presto and have 755 permissions.
Keep the node.id consistent across multiple runs of configuration deploy. Instead of overwriting the file if it exists, append to it, and just make sure it has the right permissions and ownership.
rschlussel-zz
force-pushed
the
deploy
branch
from
ae6d73d to
c38b7dc
Compare
fixes #266