Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

yedit module will modify the file permissions after execution #77

Open
EdmundDXu opened this issue Mar 26, 2020 · 0 comments · May be fixed by #94
Open

yedit module will modify the file permissions after execution #77

EdmundDXu opened this issue Mar 26, 2020 · 0 comments · May be fixed by #94

Comments

@EdmundDXu
Copy link

EdmundDXu commented Mar 26, 2020
edited
Loading

Hi, I recently encountered a problem when using the yedit module. First, I executed the file module to modify the permissions of a file and changed it to 0600. Then I executed the yedit module to inject a key into this file, and the result was this file. The permissions changed to 0644 again.

Will the yedit module modify the file permissions after execution?

Example:
At first, the permission of /etc/origin/master/master-config.yaml are 0644

[root@ocp-node01 etc]# stat /etc/origin/master/master-config.yaml
  File: ‘/etc/origin/master/master-config.yaml’
  Size: 6940      	Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 101353485   Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

Then ,I execute the task below to modify file permission.

- name: "Verify Permissions on the OpenShift Master Configuration File"
  file:
    path: /etc/origin/master/master-config.yaml
    mode: 0600
    state: file

and sucess.

[root@ocp-node01 etc]# stat /etc/origin/master/master-config.yaml
  File: ‘/etc/origin/master/master-config.yaml’
  Size: 6940      	Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 101353485   Links: 1
Access: (0600/-rw-------)  Uid: (    0/    root)   Gid: (    0/    root)

After that, I execute the task below to modify file content.

- name: "Enable service-account-lookup on the API Server"
  yedit:
    src: /etc/origin/master/master-config.yaml
    key: kubernetesMasterConfig.apiServerArguments.service-account-lookup
    value:
      - 'true'

With the file content changed, the permissions of the file also changed.

TASK [common : Enable service-account-lookup on the API Server] ****************************************************************************************************************
changed: [192.168.62.121]
[root@ocp-node01 etc]# stat /etc/origin/master/master-config.yaml
  File: ‘/etc/origin/master/master-config.yaml’
  Size: 6940      	Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 101355612   Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

I know I can reverse the order of tasks, but my scenario here is not recommended.
Is there any other way to avoid this?
@benjamb benjamb linked a pull request Sep 24, 2022 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Preserve file mode benjamb/ansible-role-yedit
1 participant
@EdmundDXu