Ubuntu

Problem recursively changing permissions and owner on files with Puppet and Vagrant

  • October 3, 2013

I am trying to install Tomcat on a virtual guest machine using Puppet and Vagrant. To run Tomcat, I need to change the permissions of the /bin/*.sh files.

Here is the relevant part of my Puppet configuration:

class tomcat{

exec{ 
'get-tomcat':
   command => "wget -P /home/vagrant/tmp http://apache.crihan.fr/dist/tomcat/tomcat-7/v7.0.42/bin/apache-tomcat-7.0.42.tar.gz",
   path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ],
   require => File["/home/vagrant/tmp"];
'expand-tomcat':
   command => "tar xzf apache-tomcat-7.0.42.tar.gz",
   cwd => "/home/vagrant/tmp",
   require => File["/home/vagrant/tmp"],   
   path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ],
   creates => "/home/vagrant/apache-tomcat-7.0.42",
}

file { "/home/vagrant/tmp":
   ensure => "directory",
   owner => "vagrant",
   group => "vagrant",
   mode => "u+rwx",
   recurse => true,
   require => File['/home/vagrant/tmp/apache-tomcat-7.0.42/bin/*.sh']
}

file { "/home/vagrant/tmp/apache-tomcat-7.0.42/bin/*.sh":
   owner => "vagrant",
   group => "vagrant",
   mode => "u+rwx",
   recurse => true
}

}

What puzzles me is that I get the following output when running vagrant provision:

debug: /File[/home/vagrant/tmp/apache-tomcat-7.0.42/webapps/docs/introduction.html]: The container /home/vagrant/tmp will propagate my refresh event
debug: /File[/home/vagrant/tmp/apache-tomcat-7.0.42/webapps/docs/introduction.html]: The container /home/vagrant/tmp will propagate my refresh event
debug: /File[/home/vagrant/tmp/apache-tomcat-7.0.42/webapps/docs/introduction.html]: The container /home/vagrant/tmp will propagate my refresh event
notice: /File[/home/vagrant/tmp/apache-tomcat-7.0.42/webapps/examples/jsp/plugin/plugin.jsp]/owner: owner changed 'root' to 'vagrant'
notice: /File[/home/vagrant/tmp/apache-tomcat-7.0.42/webapps/examples/jsp/plugin/plugin.jsp]/group: group changed 'root' to 'vagrant'
notice: /File[/home/vagrant/tmp/apache-tomcat-7.0.42/webapps/examples/jsp/plugin/plugin.jsp]/mode: mode changed '0644' to '0744' (u+rwx)

And so on…

Then, after running vagrant ssh and listing the files with ls -l, I noticed that all the files are owned by root!

vagrant@precise64:~/tmp/apache-tomcat-7.0.42/bin$  ls -l
total 696
-rw-r--r-- 1 root root  28616 Jul  2 07:59 bootstrap.jar
-rw-r--r-- 1 root root  13217 Jul  2 07:59 catalina.bat
-rwxr-xr-x 1 root root  19877 Jul  2 07:59 catalina.sh
-rw-r--r-- 1 root root   2121 Jul  2 07:59 catalina-tasks.xml
-rw-r--r-- 1 root root  24283 Jul  2 07:59 commons-daemon.jar
-rw-r--r-- 1 root root 204944 Jul  2 07:59 commons-daemon-native.tar.gz
-rw-r--r-- 1 root root   2131 Jul  2 07:59 configtest.bat
-rwxr-xr-x 1 root root   1982 Jul  2 07:59 configtest.sh
-rw-r--r-- 1 root root   1342 Jul  2 07:59 cpappend.bat
-rwxr-xr-x 1 root root   7492 Jul  2 07:59 daemon.sh
-rw-r--r-- 1 root root   2178 Jul  2 07:59 digest.bat
-rwxr-xr-x 1 root root   2021 Jul  2 07:59 digest.sh
-rw-r--r-- 1 root root   3264 Jul  2 07:59 setclasspath.bat
-rwxr-xr-x 1 root root   3524 Jul  2 07:59 setclasspath.sh
-rw-r--r-- 1 root root   2111 Jul  2 07:59 shutdown.bat
-rwxr-xr-x 1 root root   1960 Jul  2 07:59 shutdown.sh
-rw-r--r-- 1 root root   2112 Jul  2 07:59 startup.bat
-rwxr-xr-x 1 root root   1961 Jul  2 07:59 startup.sh
-rw-r--r-- 1 root root  38333 Jul  2 07:59 tomcat-juli.jar
-rw-r--r-- 1 root root 288166 Jul  2 07:59 tomcat-native.tar.gz
-rw-r--r-- 1 root root   4114 Jul  2 07:59 tool-wrapper.bat
-rwxr-xr-x 1 root root   5086 Jul  2 07:59 tool-wrapper.sh
-rw-r--r-- 1 root root   2116 Jul  2 07:59 version.bat
-rwxr-xr-x 1 root root   1965 Jul  2 07:59 version.sh

As Scott said, your wildcard is invalid.

Just as importantly, your requires are wrong. The order in which Puppet will try to manage your resources is

  1. File["/home/vagrant/tmp/apache-tomcat-7.0.42/bin/*.sh"]
  2. File["/home/vagrant/tmp"]
  3. Either (because you didn't specify) Exec['get-tomcat'] or Exec['expand-tomcat']
  4. Either (because you didn't specify) Exec['get-tomcat'] or Exec['expand-tomcat']

The ownership problem you noticed is because the user and group you declared for the files in /home/vagrant/tmp take effect before the Tomcat files exist.

I think you are trying to write the following:

class tomcat{

 # Puppet file titles are literal paths, so each script is listed explicitly.
 # The scripts live in the bin/ subdirectory of the extracted tree.
 $scripts = [
     '/home/vagrant/tmp/apache-tomcat-7.0.42/bin/daemon.sh',
     '/home/vagrant/tmp/apache-tomcat-7.0.42/bin/digest.sh',
     '/home/vagrant/tmp/apache-tomcat-7.0.42/bin/setclasspath.sh',
     '/home/vagrant/tmp/apache-tomcat-7.0.42/bin/shutdown.sh',
     '/home/vagrant/tmp/apache-tomcat-7.0.42/bin/startup.sh',
     '/home/vagrant/tmp/apache-tomcat-7.0.42/bin/tool-wrapper.sh',
     '/home/vagrant/tmp/apache-tomcat-7.0.42/bin/version.sh'
 ]

 # Only the directory itself: no recurse, so nothing is chowned before it exists.
 file { '/home/vagrant/tmp':
   ensure => 'directory',
   owner  => 'vagrant',
   group  => 'vagrant',
   mode   => 'u+rwx',
 }

 # creates must name the file wget writes into cwd, otherwise the
 # download runs again on every provision.
 exec { 'get-tomcat':
   command => 'wget http://apache.crihan.fr/dist/tomcat/tomcat-7/v7.0.42/bin/apache-tomcat-7.0.42.tar.gz',
   cwd     => '/home/vagrant/tmp',
   path    => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
   creates => '/home/vagrant/tmp/apache-tomcat-7.0.42.tar.gz',
   require => File['/home/vagrant/tmp'],
 }

 # creates must name the directory tar extracts into cwd, otherwise tar
 # re-extracts (as root) on every provision and resets the ownership.
 exec { 'expand-tomcat':
   command => 'tar xzf apache-tomcat-7.0.42.tar.gz',
   cwd     => '/home/vagrant/tmp',
   path    => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
   creates => '/home/vagrant/tmp/apache-tomcat-7.0.42',
   require => Exec['get-tomcat'],
 }

 # Ownership and mode are applied only after the archive has been extracted.
 file { $scripts:
   owner   => 'vagrant',
   group   => 'vagrant',
   mode    => 'u+rwx',
   recurse => true,
   require => Exec['expand-tomcat'],
 }

}

Note how I declared the dependencies logically, resulting in this order

  1. File["/home/vagrant/tmp/"]
  2. Exec['get-tomcat']
  3. Exec['expand-tomcat']

followed by all the files in $scripts

Quoted from: https://serverfault.com/questions/542947
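
An alternative to listing each script, added here as an example and not part of the original question or answer: run the download and extraction as vagrant so the files are created with the right owner, and manage the bin directory recursively instead of using a wildcard title. The class name tomcat_owned_by_vagrant and the variables $tmp, $archive and $home are hypothetical.

```puppet
# Added example; class and variable names are hypothetical.
class tomcat_owned_by_vagrant {
  $tmp     = '/home/vagrant/tmp'
  $archive = 'apache-tomcat-7.0.42.tar.gz'
  $home    = "${tmp}/apache-tomcat-7.0.42"

  # Manage only the directory itself. Without recurse, nothing below it is
  # chowned before the archive has been extracted.
  file { $tmp:
    ensure => directory,
    owner  => 'vagrant',
    group  => 'vagrant',
    mode   => 'u+rwx',
  }

  # Same mirror URL as the page. It is plain HTTP, so compare the archive
  # with the checksum published by the Tomcat project before relying on it.
  exec { 'get-tomcat':
    command => "wget http://apache.crihan.fr/dist/tomcat/tomcat-7/v7.0.42/bin/${archive}",
    cwd     => $tmp,
    user    => 'vagrant',              # files are created as vagrant, not root
    path    => ['/bin', '/usr/bin'],
    creates => "${tmp}/${archive}",    # skip when already downloaded
    require => File[$tmp],
  }

  exec { 'expand-tomcat':
    command => "tar xzf ${archive}",
    cwd     => $tmp,
    user    => 'vagrant',              # extracted tree is owned by vagrant
    path    => ['/bin', '/usr/bin'],
    creates => $home,                  # skip when already extracted
    require => Exec['get-tomcat'],
  }

  # A file title is a literal path, never a glob, so manage the directory and
  # recurse into it. Only owner and group are set: the *.sh files already carry
  # the execute bit from the archive, and a recursive u+rwx would also mark the
  # .jar and .bat files executable.
  file { "${home}/bin":
    ensure  => directory,
    owner   => 'vagrant',
    group   => 'vagrant',
    recurse => true,
    require => Exec['expand-tomcat'],
  }
}
```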