capi: suppress warnings on creating files without mode #339
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
Hi @dongsupark. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/assign @detiber |
dongsupark
force-pushed
the
dongsu/suppress-mode-warning
branch
from
9188e53
to
6b77982
Compare
|
/ok-to-test Thanks for bringing this up, @dongsupark. That issue you linked was illuminating. |
k8s-ci-robot
added
ok-to-test
|
@codenrhoden Sure. Let me know if any regression was found during the full tests. |
| @@ -50,21 +51,25 @@ | |||
| section: Service | |||
| option: Type | |||
| value: notify | |||
| mode: 0600 | |||
There was a problem hiding this comment.
This should probably be 0644 judging by the state of existing systemd unit files on my system
| mode: 0600 | |
| mode: 0644 |
|
|
||
| - name: Create containerd boot order drop in file | ||
| template: | ||
| dest: /etc/systemd/system/containerd.service.d/boot-order.conf | ||
| src: etc/systemd/system/containerd.service.d/boot-order.conf | ||
| mode: 0600 |
There was a problem hiding this comment.
| mode: 0600 | |
| mode: 0644 |
|
|
||
| - name: Create containerd memory pressure drop in file | ||
| template: | ||
| dest: /etc/systemd/system/containerd.service.d/memory-pressure.conf | ||
| src: etc/systemd/system/containerd.service.d/memory-pressure.conf | ||
| mode: 0600 |
There was a problem hiding this comment.
| mode: 0600 | |
| mode: 0644 |
|
|
||
| - name: Create containerd max tasks drop in file | ||
| template: | ||
| dest: /etc/systemd/system/containerd.service.d/max-tasks.conf | ||
| src: etc/systemd/system/containerd.service.d/max-tasks.conf | ||
| mode: 0600 |
There was a problem hiding this comment.
| mode: 0600 | |
| mode: 0644 |
| @@ -75,6 +80,7 @@ | |||
| template: | |||
| dest: /etc/containerd/config.toml | |||
| src: etc/containerd/config.toml | |||
| mode: 0600 | |||
There was a problem hiding this comment.
package installed version of this file is 0644 on my system.
| mode: 0600 | |
| mode: 0644 |
| @@ -34,6 +34,7 @@ | |||
| overlay | |||
| br_netfilter | |||
| dest: /etc/modules-load.d/kubernetes.conf | |||
| mode: 0600 | |||
There was a problem hiding this comment.
| mode: 0600 | |
| mode: 0644 |
| @@ -46,6 +46,7 @@ | |||
| file: | |||
| src: /usr/libexec/cloud-init | |||
| dest: /usr/lib/cloud-init | |||
| mode: 0700 | |||
There was a problem hiding this comment.
I wouldn't expect there to be a need for setting a mode for a symlink, I would expect it to be 0777 by default: https://man7.org/linux/man-pages/man7/symlink.7.html#:~:text=On%20Linux%2C%20the%20permissions%20of,and%20can't%20be%20changed.
| @@ -16,6 +16,7 @@ | |||
| template: | |||
| src: etc/apt/sources.list.j2 | |||
| dest: /etc/apt/sources.list | |||
| mode: 0600 | |||
There was a problem hiding this comment.
Judging by the default mode of /etc/apt/sources.list on a new system, this should probably be:
| mode: 0600 | |
| mode: 0644 |
| @@ -36,6 +37,7 @@ | |||
| copy: | |||
| src: "{{ item }}" | |||
| dest: "/etc/apt/sources.list.d/{{ item | basename }}" | |||
| mode: 0600 | |||
There was a problem hiding this comment.
| mode: 0600 | |
| mode: 0644 |
| @@ -29,5 +29,6 @@ | |||
| copy: | |||
| src: "{{ item }}" | |||
| dest: "/etc/yum.repos.d/{{ item | basename }}" | |||
| mode: 0600 | |||
There was a problem hiding this comment.
| mode: 0600 | |
| mode: 0644 |
Since Ansible 2.9.12 or 2.8.14, Ansible shows the following warning, when a file gets created with `mode` not being specified in the config. ``` [WARNING]: File '/tmp/kube-apiserver.tar' created with default permissions '600'. The previous default was '666'. Specify 'mode' to avoid this warning. ``` To get rid of such a warning, specify `mode` to correct modes like 0644 when creating files, as much as possible. See also ansible/ansible#71200 .
dongsupark
force-pushed
the
dongsu/suppress-mode-warning
branch
from
6b77982
to
d46aa1e
Compare
|
@detiber Thanks for the suggestions. Updated the PR. |
| @@ -16,6 +16,7 @@ | |||
| template: | |||
| dest: /home/builder/.bash_profile | |||
| src: photon_bash_profile | |||
| mode: 0600 | |||
There was a problem hiding this comment.
@codenrhoden This is the only mode change that I'm unsure about, can you verify that the bash profile here still works as expected?
There was a problem hiding this comment.
Tried this out -- works just fine. I think this is good to go now.
|
/lgtm Thanks for tackling this @dongsupark |
k8s-ci-robot
added
the
lgtm
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: codenrhoden, dongsupark The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Since Ansible 2.9.12 or 2.8.14, Ansible shows the following warning, when a file gets created with
modenot being specified in the config.To get rid of such a warning, specify
modeto 0600 when creating files, as much as possible.See also ansible/ansible#71200 .