/chef

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows permissions convergence on every run #8215

Open
bm7150 opened this Issue Feb 6, 2019 · 0 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@bm7150
@bm7150
Copy link

bm7150 commented Feb 6, 2019

Description

Within our chef cookbooks on Windows, we need to include the synchronize permission on our directories, which is not currently an option for the windows file/directory resources. To get around this, we are using the bitmask to set those permissions to give us a bit more granular control over what permissions are set.

The problem is that we end up with those resources converging on every run of the chef client, keeping our cookbooks from being idempotent.

I've included below in the replication section a cookbook that can be spun up in the kitchen environment that replicates the issue we are seeing.

Chef Version

Chef Client: Exists in both 14.10.9-1 and 13.6.0, and i'm guessing anything in between

Platform Version

OS: Windows server 2016 (happens in Windows server 2012 and 2008r2 as well)
Chef Client: Tested in both 14.10.9-1 and 13.6.0

Replication Case

I've created a public cookbook that simulates what we are accomplishing that can be run in test-kitchen with the vagrant plugin.

Perms-Cookbook

Just download and run kitchen converge multiple times (was never able to get the multiple_converge option to work in my kitchen.yml, might be a local issue though). You can see during the directory task - change dacl appears each time.

Client Output

Link to gist with relevant output:

Client-Output
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment