Skip to content
This repository has been archived by the owner on Mar 19, 2022. It is now read-only.

deployment user unable to rsync after sudo/root has downloaded files into /tmp/chef-solo #86

Closed
ronald opened this issue Aug 10, 2012 · 16 comments
Closed

deployment user unable to rsync after sudo/root has downloaded files into /tmp/chef-solo #86

ronald opened this issue Aug 10, 2012 · 16 comments

Comments

@ronald
Copy link

ronald commented Aug 10, 2012

Everything works fine cooking https://github.com/RiotGames/rbenv-cookbook with a non-root-user.

But a 2nd "cook"-cmd brings up the following errors:
rsync: delete_file: unlink(ruby-build/share/ruby-build/ree-1.8.7-2012.02) failed: Permission denied (13)
[...]
rsync error: some files could not be transferred (code 23) at /SourceCache/rsync/rsync-42/rsync/main.c(992) [sender=2.6.9]
ERROR: RuntimeError: Failed to launch command rsync -rl --rsh="ssh user@ip" --delete --exclude revision-deploys --exclude tmp --exclude '.*' ./ :/tmp/chef-solo
s

Should there be a "chown user /tmp/solo" at the end of cooking? Can I do this myself?

Thx
@matschaffer
Copy link
Owner

I'm a little surprised that the cookbook would make modifications to stuff in the file_cache_path. Is that expected @reset?

@matschaffer
Copy link
Owner

I'm also hoping to make some progress on #1 (uploading to secure location) next week which would probably also avoid this issue.

@reset
Copy link
Contributor

reset commented Aug 10, 2012

@matschaffer why is that surprising? It's an idiom taken from 'source' recipes from Opscode Cookbooks where you need to cache your downloaded source.

We can fix this if this is a problem. What is wrong with writing to the file cache?

@matschaffer
Copy link
Owner

In this case it's due to my rsync-ing. But I think I may have a better fix
for this in the works anyway. No need to fix the cookbook if other opscode
cookbooks follow this pattern anyway.

On Aug 10, 2012, at 3:22 PM, Jamie Winsor [email protected] wrote:

@matschaffer https://github.com/matschaffer why is that surprising? It's
an idiom taken from 'source' recipes from Opscode Cookbooks where you need
to cache your downloaded source.

We can fix this if this is a problem. What is wrong with writing to the
file cache?


Reply to this email directly or view it on
GitHubhttps://github.com//issues/86#issuecomment-7654222.

@juzzin
Copy link

juzzin commented Aug 28, 2012

From http://wiki.opscode.com/display/chef/Chef+Configuration+Settings:

file_cache_path

The location in which cookbooks (and other transient data) files are stored when they are synchronized with Chef. (This value can also be used in recipes to download files with the remote_file resource.)

When using Chef Solo, the location in which cookbooks (and other transient data) files are stored after they have been downloaded from a remote URL. (This value can also be used in recipes to download files with the remote_file resource.)

@matschaffer
Copy link
Owner

Thanks for the heads up. My plan for this is to prime sudo so we can run rsync via sudo as well. This should also help avoid security issues such as having a databag key living in /tmp.

@matschaffer
Copy link
Owner

That's tracked in #1 btw.

@ph
Copy link

ph commented Oct 10, 2012

Did you have time to work on this issue?

@matschaffer
Copy link
Owner

Sadly no. I keep hoping. The plan is to see if I can 'prime' the sudo command to allow rsync over sudo (as noted in #1 (comment)), but it's been a crazy month or so.

@ognevsky
Copy link

Hi, I have the same issue. I'm just interesting, how enybody else solve this problem?
As for me, I have problem in places like this one: https://github.com/brianbianco/redisio/blob/master/providers/install.rb#L40

As you can see, commands in this method don't have any user or owner option, so root become the owner. Next time I cook, it tries to delete this folder and I get Permission denied error. So, I should delete this folder (or change it's permissions) by hand before I can cook once more time.

I've already seen a lot of cookbooks which are doing the same, so (probably) this is not cookbook's issue. Can you help me please with this? Where is my problem?

Thanks

@ognevsky
Copy link

This my issue is described there: #128
This is the same issue I think.

@matschaffer
Copy link
Owner

Yep. Guess this is becoming a bigger priority now that more cookbooks make use of the file cache path.

@aaronjensen
Copy link
Contributor

I'm hitting this now too... do you have a plan for this?

@matschaffer
Copy link
Owner

My plan for this is on #1, but in the mean time it occurred to me a few days ago that we could move the upload location to knife configuration param and let file cache path be the default and used as it was supposed to.

The early misstep here was using the cache path as a transfer location which was something spatula used to do.

@ognevsky ognevsky mentioned this issue Dec 5, 2012
Closed
@srpouyet
Copy link

@ognevsky I added this workaround to my main recipe. Seems to fix the permission denied error w/ Vagrant:

execute "fix permissions for /tmp/chef-solo/ruby-build" do
  command "chown -R vagrant:vagrant /tmp/chef-solo/ruby-build"
  action :run
end

@matschaffer
Copy link
Owner

Should be fixed with #145

@tmatilai tmatilai mentioned this issue Jan 23, 2013
Closed
matschaffer added a commit that referenced this issue Feb 10, 2013
@matschaffer
A test case that demonstrates #86
87642af 
First thing's first.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@ph @matschaffer @aaronjensen @reset @ronald @ognevsky @srpouyet @juzzin