Projet

Général

Profil

Révision 0b7bcb5d

ID0b7bcb5de9fe26c617dda5ba3e1c8e9310296a24
Parent 0e7fe75e
Enfant 069c9fd2

Ajouté par mh il y a plus de 2 ans

Align filemode on RedHat to distro default

The RPM acutally ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.

However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft
validate.

Voir les différences:

spec/classes/ip_nat_spec.rb
9 9 
    context "on #{os}" do
10 10 
      let(:facts) { os_facts }
11 11 

  		




  
  12
  
    
      nft_mode = case os_facts[:os]['family']


  		




  
  13
  
    
                 when 'RedHat'


  		




  
  14
  
    
                   '0600'


  		




  
  15
  
    
                 else


  		




  
  16
  
    
                   '0640'


  		




  
  17
  
    
                 end


  		




  
  18
  
    

  		




  12
  19
  
    
      it { is_expected.to compile }


  		




  13
  20
  
    

  		




  14
  21
  
    
      it {


  		




  ......




  17
  24
  
    
          ensure: 'present',


  		




  18
  25
  
    
          owner: 'root',


  		




  19
  26
  
    
          group: 'root',


  		




  20
  
  
    
          mode: '0640'


  		




  
  27
  
    
          mode: nft_mode


  		




  21
  28
  
    
        )


  		




  22
  29
  
    
      }


  		




  23
  30
  
    

  		




  ......




  51
  58
  
    
          ensure: 'present',


  		




  52
  59
  
    
          owner: 'root',


  		




  53
  60
  
    
          group: 'root',


  		




  54
  
  
    
          mode: '0640'


  		




  
  61
  
    
          mode: nft_mode


  		




  55
  62
  
    
        )


  		




  56
  63
  
    
      }


  		




  57
  64
  
    

  		




  ......




  85
  92
  
    
            path: '/etc/nftables/puppet-preflight/ip-nat-chain-PREROUTING.nft',


  		




  86
  93
  
    
            owner: 'root',


  		




  87
  94
  
    
            group: 'root',


  		




  88
  
  
    
            mode: '0640',


  		




  
  95
  
    
            mode: nft_mode,


  		




  89
  96
  
    
            ensure_newline: true


  		




  90
  97
  
    
          )


  		




  91
  98
  
    
        }


  		




  ......




  129
  136
  
    
            path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft',


  		




  130
  137
  
    
            owner: 'root',


  		




  131
  138
  
    
            group: 'root',


  		




  132
  
  
    
            mode: '0640',


  		




  
  139
  
    
            mode: nft_mode,


  		




  133
  140
  
    
            ensure_newline: true


  		




  134
  141
  
    
          )


  		




  135
  142
  
    
        }


  		




  ......




  173
  180
  
    
            path: '/etc/nftables/puppet-preflight/ip6-nat-chain-PREROUTING6.nft',


  		




  174
  181
  
    
            owner: 'root',


  		




  175
  182
  
    
            group: 'root',


  		




  176
  
  
    
            mode: '0640',


  		




  
  183
  
    
            mode: nft_mode,


  		




  177
  184
  
    
            ensure_newline: true


  		




  178
  185
  
    
          )


  		




  179
  186
  
    
        }


  		




  ......




  217
  224
  
    
            path: '/etc/nftables/puppet-preflight/ip6-nat-chain-POSTROUTING6.nft',


  		




  218
  225
  
    
            owner: 'root',


  		




  219
  226
  
    
            group: 'root',


  		




  220
  
  
    
            mode: '0640',


  		




  
  227
  
    
            mode: nft_mode,


  		




  221
  228
  
    
            ensure_newline: true


  		




  222
  229
  
    
          )


  		




  223
  230
  
    
        }


  		




  ......




  270
  277
  
    
            ensure: 'present',


  		




  271
  278
  
    
            owner: 'root',


  		




  272
  279
  
    
            group: 'root',


  		




  273
  
  
    
            mode: '0640'


  		




  
  280
  
    
            mode: nft_mode


  		




  274
  281
  
    
          )


  		




  275
  282
  
    
        }


  		




  276
  283
  
    
      end


  		












Formats disponibles :  Unified diff