Change defaults fro incoming/outgoing chmod (rsync)

In a previous release, we sent a warning about the default incoming/outgoing chmod that was configured for rsync. We mentionned it was risky and people should avoid using 0644 like it was by default. For backward compatibility, we kept this default and sent a warning. 2 releases later, this patch aims to change the default and stop to send the warning. Change-Id: Ic3aaaec0eee4225bf2021937edf972528ea72e2c Closes-bug: #1433390
2015-12-24 14:52:39 +01:00 · 2015-12-24 14:52:39 +01:00 · e52ebb053b
parent 90a3744af9
commit e52ebb053b
4 changed files with 16 additions and 28 deletions
--- a/manifests/storage/all.pp
+++ b/manifests/storage/all.pp
@ -64,13 +64,11 @@
 #   Defaults to true.
 #
 # [*incoming_chmod*] Incoming chmod to set in the rsync server.
-#   Optional. Defaults to 0644 for maintaining backwards compatibility.
-#   *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+#   Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
 #   This mask translates to 0755 for directories and 0644 for files.
 #
 # [*outgoing_chmod*] Outgoing chmod to set in the rsync server.
-#   Optional. Defaults to 0644 for maintaining backwards compatibility.
-#   *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+#   Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
 #   This mask translates to 0755 for directories and 0644 for files.
 #
 class swift::storage::all(
@ -89,8 +87,8 @@ class swift::storage::all(
  $log_udp_host       = undef,
  $log_udp_port       = undef,
  $log_requests       = true,
-  $incoming_chmod     = '0644',
-  $outgoing_chmod     = '0644',
+  $incoming_chmod     = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+  $outgoing_chmod     = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
 ) {

  if (!$mount_check) {
--- a/manifests/storage/server.pp
+++ b/manifests/storage/server.pp
@ -31,13 +31,11 @@
 #   Defaults to 25.
 #
 # [*incoming_chmod*] Incoming chmod to set in the rsync server.
-#   Optional. Defaults to 0644 for maintaining backwards compatibility.
-#   *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+#   Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
 #   This mask translates to 0755 for directories and 0644 for files.
 #
 # [*outgoing_chmod*] Outgoing chmod to set in the rsync server.
-#   Optional. Defaults to 0644 for maintaining backwards compatibility.
-#   *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+#   Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
 #   This mask translates to 0755 for directories and 0644 for files.
 #
 # [*pipeline*]
@ -117,8 +115,8 @@ define swift::storage::server(
  $devices                = '/srv/node',
  $owner                  = 'swift',
  $group                  = 'swift',
-  $incoming_chmod         = '0644',
-  $outgoing_chmod         = '0644',
+  $incoming_chmod         = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+  $outgoing_chmod         = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
  $max_connections        = 25,
  $pipeline               = ["${type}-server"],
  $mount_check            = undef,
@ -139,14 +137,6 @@ define swift::storage::server(
  $config_file_path       = "${type}-server.conf",
 ) {

-  if ($incoming_chmod == '0644') {
-    warning('The default incoming_chmod set to 0644 may yield in error prone directories and will be changed in a later release.')
-  }
-
-  if ($outgoing_chmod == '0644') {
-    warning('The default outgoing_chmod set to 0644 may yield in error prone directories and will be changed in a later release.')
-  }
-
  if (!$mount_check) {
    warning('The default for the mount_check parameter will change from false to true in the next release to match upstream. To disable this warning, set mount_check=false.')
    $mount_check_real = false
--- a/spec/classes/swift_storage_all_spec.rb
+++ b/spec/classes/swift_storage_all_spec.rb
@ -21,8 +21,8 @@ describe 'swift::storage::all' do
      :container_port => '6001',
      :account_port => '6002',
      :log_facility => 'LOG_LOCAL2',
-      :incoming_chmod => '0644',
-      :outgoing_chmod => '0644',
+      :incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+      :outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
      :log_requests => true
    }
  end
@ -43,8 +43,8 @@ describe 'swift::storage::all' do
      :account_pipeline => ["5", "6"],
      :allow_versions => true,
      :log_facility => ['LOG_LOCAL2', 'LOG_LOCAL3'],
-      :incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
-      :outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+      :incoming_chmod => '0644',
+      :outgoing_chmod => '0644',
      :log_requests => false
    }
  ].each do |param_set|
--- a/spec/defines/swift_storage_server_spec.rb
+++ b/spec/defines/swift_storage_server_spec.rb
@ -19,8 +19,8 @@ describe 'swift::storage::server' do
      :devices         => '/srv/node',
      :owner           => 'swift',
      :group           => 'swift',
-      :incoming_chmod  => '0644',
-      :outgoing_chmod  => '0644',
+      :incoming_chmod  => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+      :outgoing_chmod  => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
      :max_connections => '25',
      :log_requests    => true
    }
@ -161,8 +161,8 @@ describe 'swift::storage::server' do
          :lock_file       => "/var/lock/#{t}.lock",
          :uid             => 'swift',
          :gid             => 'swift',
-          :incoming_chmod  => '0644',
-          :outgoing_chmod  => '0644',
+          :incoming_chmod  => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+          :outgoing_chmod  => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
          :max_connections => 25,
          :read_only       => false
        )}