You’re not doing anything wrongly.
NFS directory have it’s own ownership and permission and by default it’s
root:root 777 on netapp storage.
You see them as nfsnobody because you did not export with “root” permission.
In your example this is what happen:
- First run
o Directory /data/app created with root:root 0755 permission
o Nfs_server:/app mounted over /data/app (now it has 777 permission and
nfsnobody because you mounted a different directory and the permission are the
one on the nfs volume/directory).
- Second run
o Puppet will try to change the /data/app to root:root 0755 (it will change the
permission on the netapp volume/directory in this case). Not sure if this work
or you should set the export permission for root user on the export
configuration on netapp.
What you can do to make it work in just one run is to create the directory with
an exec resource and put the file resource after the mount… something like this:
exec { "mkdir -p /data/app":
creates => ‘/data/app’,
}
mount { '/data/app':
ensure => mounted,
device => nfs_server:/app
dump => 0,
fstype => 'nfs',
target => '/etc/fstab',
notify => File['/data/app'],
}
file { '/data/app':
ensure => directory,
owner => root,
group => root,
mode => '0755',
}
Da: puppet-users@googlegroups.com <puppet-users@googlegroups.com> Per conto di
Mike Langhorst
Inviato: venerdì 17 agosto 2018 23:51
A: Puppet Users <puppet-users@googlegroups.com>
Oggetto: Re: [Puppet Users] Managing mounted NFS shares, when having no write
permission on that share
It's v3.
Maybe I'm doing something wrong.
The file { '/data/app' resource and the nfs share are the same location, so
when it comes back on subsequent runs, it now sees that file /data/app is no
longer owned as root and has 777 perms rather than 755
On Friday, August 17, 2018 at 2:30:55 PM UTC-7, Arnau wrote:
Hi,
Are you sure you are mounting nfs v3 and not 4?
Puppet does nothing with the content of the mount so it has to be some
(missing/wrong) mount option.
HTH,
Arnau
El dv., 17 ag. 2018 , 23:03, Mike Langhorst <javascript:> va escriure:
I'm having some issues with managing a mount point for an NFS server.
Specifically when the client system has no root write privileges to that NFS
share.
I need to mount a NetApp NFS/Cifs share to a filesystem location /data/app.
So I'll need to manage the file resource /data/app, and as typical the owner
and mode.
file { '/data/app':
ensure => directory,
owner => root,
group => root,
mode => '0755',
}
mount { '/data/app':
ensure => mounted,
device => nfs_server:/app
dump => 0,
fstype => 'nfs',
target => '/etc/fstab',
require => File['/data/app'],
}
So when I mount this nfs to /data/app, that share and it's contents are
nfsnobody, or some other high numbered uid, with varying permissions,
sometimes 777. The NetApp may show 777, but it's applying other ACLs due to
the CIFS share. For the different shares I've had to mount, that uid and
permissions have been different so I couldn't do something like updating the
module/hiera data to match after the fact as I still wouldn't want that
underling directory /data/app to be 777.
I don't see anything in the file resource spec to allow for an "onlyif" or such.
Any ideas on how to manage this?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c06294e4-21c7-43a8-9c06-1ac8b8c90731%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to mailto:puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/cf58c43e-eb27-4379-be2f-bfd88d240a4f%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
________________________________
Questo messaggio di posta elettronica contiene informazioni di carattere
confidenziale rivolte esclusivamente al destinatario sopra indicato. E' vietato
l'uso, la diffusione, distribuzione o riproduzione da parte di ogni altra
persona. Nel caso aveste ricevuto questo messaggio di posta elettronica per
errore, siete pregati di segnalarlo immediatamente al mittente e distruggere
quanto ricevuto.
This communication may contain privileged or proprietary information for
receipt and use solely by the addressee(s) named above. If you are not an
intended recipient, any disclosure, copying or use of this information is
prohibited. If you have received this communication in error, please delete
and/or destroy it and kindly notify the sender.
Rispetta l’ambiente, se non è necessario non stampare questa mail
Please consider the environment before printing this e_mail
Kuwait Petroleum Italia SpA
00144 Roma, Viale dell’Oceano Indiano, 13 - Telefono 06 520881 Fax 06 52088655
Società con socio unico.Società soggetta ad attività di direzione e
coordinamento della Kuwait Petroleum Corporation.
Sede in Roma - Capitale Sociale Euro 130.000.000 int. vers. - R.E.A. di Roma N.
73832 – Uff. Reg. Imprese di Roma e C.F. 00435970587 Partita IVA 00891951006
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/3F92530EAB676D4E92A76734815EAE1F02341FC7C9%40itromex01.Q8INT.com.
For more options, visit https://groups.google.com/d/optout.
