Bug #10586
Feature #8268: Basic Puppet agent support on Windows
Windows puppet cannot source files remotely if owner and group are not specified
| Status: | Closed | Start date: | 11/06/2011 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Josh Cooper | % Done: | 0% | |
| Category: | windows | |||
| Target version: | 2.7.10 | |||
| Affected Puppet version: | 2.7.6 | Branch: | https://github.com/puppetlabs/puppet/pull/280 | |
| Keywords: | ||||
Description
If you have a file resource pulling content from a puppet: URL, windows file provider gives error “Cannot convert Fixnum into string”. The content is set correctly, but the permissions are not.
C:\ems>puppet agent -t --environment=dev
info: Caching catalog for emscmdprd01
info: Applying configuration version '1320628565'
err: /Stage[main]//Node[emscmdprddrsdd]/File[C:/ems/certs/id_rsa.key]/ensure: ch
ange from absent to file failed: Could not set 'file on ensure: can't convert Fi
xnum into String at /etc/puppet/dev/manifests/nodes/systems/esg/ems.pp:160
notice: /Stage[main]//Node[emscmdprddrsdd]/File[C:/ems/certs/readme.txt]/ensure:
defined content as '{md5}bcfdf561fb19f6a296f162d35cc0f9a6'
notice: Finished catalog run in 55.56 seconds
C:\ems>puppet --version
2.7.6
Manifest shows:
node /^emscmd(prd|drs)\d\d$/ {
$mycerts = 'C:/ems/certs'
# This works
file { "$mycerts/readme.txt": ensure=>'file', mode=>'666',
group=>undef, owner=>'Administrators',
content=>"Certificates Managed by Puppet";
}
# This does not
file { "$mycerts/id_rsa.key": ensure=>'file', mode=>'666',
group=>undef, owner=>'Administrators',
source=>"puppet:///files/ssh-keys/sitescope.private",
}
}
I believe this might be connected with the Windows puppet agent attepting to set group ownership based on the file metadata (IE its group ownership under unix) and failing to make the conversion, but in any case this should give a meaningful message or default. We also need clearer documentation as to exactly what ‘mode’ means in the ACL world of Windows…
Related issues
History
#1
Updated by Josh Cooper over 1 year ago
- Status changed from Unreviewed to Investigating
- Assignee set to Josh Cooper
- Parent task set to #8268
#2
Updated by Josh Cooper over 1 year ago
- Status changed from Investigating to Accepted
- Target version set to 2.7.x
Since the manifest does not define a group, puppet is attempting to apply the numeric gid from the file metadata, and failing to convert the fixnum to a string. We should handle this more gracefully.
The posix file provider returns nil in cases like this, e.g. the method name2uid returns nil if the uid doesn’t exist on the endpoint, so the windows provider should do something similar.
Here’s the stack trace leading up to the error (The line numbers don’t match exactly due to debugging):
["c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util/windows/security.rb:544:in `name2gid'", "c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util/windows/security.rb:544:in `name2gid'", "c:/ruby187/lib/ruby/site_ruby/1.8/puppet/type/file/group.rb:20:in `insync?'", "c:/ruby187/lib/ruby/site_ruby/1.8/puppet/type/file/group.rb:19:in `map!'", "c:/ruby187/lib/ruby/site_ruby/1.8/puppet/type/file/group.rb:19:in `insync?'", "c:/ruby187/lib/ruby/site_ruby/1.8/puppet/property.rb:162:in `safe_insync?'", "c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:61:in `perform_changes'",
This issue can be worked around by always specifying the owner and group. For example, you can set both to ‘Administrators’, or set the group to ‘Users’ depending on your security requirements.
I’ll make a note to document what modes mean in the Windows world. In the meantime, I’d recommend looking at this commit:42c998233ba188d94f4b903f802f075ffe87f0d6
Also, some minor updates where made here: commit:4c3aae84702225f441eb080ddbf6ff9121c1b49c and commit:d78afda39173d43d27ef6b84754490d5072a7ab6
#3
Updated by Josh Cooper over 1 year ago
- Status changed from Accepted to Duplicate
This issue will be resolved with the fix for #10614
#4
Updated by Josh Cooper over 1 year ago
- Subject changed from Windows file provider produces error if source attribute used to Windows puppet cannot source files remotely if owner and group are not specified
- Status changed from Duplicate to Re-opened
This bug, as originally reported (sourcing files from puppet), is not fixed. What was fixed was #10614 (sourcing files from local non-NTFS volumes).
Given a manifest:
file { "c:/foo.txt":
source => "puppet:///modules/foo/foo.txt",
}
You’ll get the following:
c:\> puppet agent --test --debug --trace c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util/windows/security.rb:577:in `pack' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util/windows/security.rb:577:in `string_to_sid_ptr' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/provider/file/windows.rb:40:in `name2uid' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/type/file/owner.rb:13:in `insync?' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/type/file/owner.rb:12:in `map!' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/type/file/owner.rb:12:in `insync?' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/property.rb:162:in `safe_insync?' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:61:in `perform_changes' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:60:in `each' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:60:in `perform_changes' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in`evaluate' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction.rb:49:in `apply' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction.rb:84:in `eval_resource' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction.rb:103:in `evaluate' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util.rb:476:in `thinmark' c:/ruby187/lib/ruby/1.8/benchmark.rb:308:in `realtime' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util.rb:475:in `thinmark' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction.rb:103:in `evaluate' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction.rb:380:in `traverse' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/transaction.rb:99:in `evaluate' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:141:in `apply' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/configurer.rb:121:in `retrieve_and_apply_catalog' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util.rb:180:in `benchmark' c:/ruby187/lib/ruby/1.8/benchmark.rb:308:in `realtime' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util.rb:179:in `benchmark' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/configurer.rb:120:in `retrieve_and_apply_catalog' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/configurer.rb:151:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run' c:/ruby187/lib/ruby/1.8/sync.rb:230:in `synchronize' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:103:in `with_client' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:37:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:172:in `call' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:172:in `controlled_run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:35:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:336:in `onetime' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:310:in `run_command' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `hook' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:401:in `exit_on_fail' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `run' c:/ruby187/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:69:in `execute' c:/ruby187/bin/puppet:4 err: /Stage[main]//File[c:/foo.txt]: Could not evaluate: can't convert Fixnum into String
Adding owner and group to the manifest, works around the problem:
file { "c:/foo.txt":
source => "puppet:///modules/foo/foo.txt",
owner => 'Administrator',
group => 'Administrators',
}
#5
Updated by Josh Cooper over 1 year ago
- Status changed from Re-opened to Accepted
#6
Updated by Josh Cooper over 1 year ago
- Status changed from Accepted to In Topic Branch Pending Review
- Branch set to https://github.com/puppetlabs/puppet/pull/280
The fixes in branch https://github.com/puppetlabs/puppet/pull/280 should fix this problem. On Windows, the owner and group properties from remote sources are not copied to the local resource.
#7
Updated by Jeff McCune over 1 year ago
- Status changed from In Topic Branch Pending Review to Merged - Pending Release
Merged into 2.7.x¶
As: https://github.com/puppetlabs/puppet/commit/4cc1142da35ecc3b052c67e550bba5d39c2b78f4
#8
Updated by Michael Stahnke over 1 year ago
- Status changed from Merged - Pending Release to Closed
- Target version changed from 2.7.x to 2.7.10
released in 2.7.10rc1