wwkimball-sshfs's Issues

Allow custom permissions of local mount point

I create a client mount with puppet code such as:

class profiles::example {
  $sftp_storage_private_key = lookup('profiles::example::sftp_storage_private_key')

  class { '::sshfs::client':
    local_mount_point        => '/mnt/example',
    manage_private_key       => true,
    private_key_path         => '/root/credentials/sshfs.key',
    remote_share_host        => 'server.example.com',
    remote_share_path        => '/',
    remote_share_user_name   => 'example',
    private_key              => $sftp_storage_private_key
  }
}

First puppet run completes without error.

Notice: /Stage[main]/Sshfs::Client::Mount/File[/mnt/example]/ensure: created (corrective)
Notice: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]/ensure: ensure changed 'unmounted' to 'mounted' (corrective)
Info: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]: Scheduling refresh of Mount[/mnt/example]
Info: Mount[/mnt/example](provider=parsed): Remounting
Notice: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]: Triggered 'refresh' from 1 event
Info: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]: Scheduling refresh of Mount[/remote/apps-sftpxfr]

If the remote sshfs share has filesystem permissions of 755, then after the initial successful puppet run, the next and all subsequent puppet runs report an error:

Error: failed to set mode 0755 on /remote/apps-sftpxfr: Permission denied @ apply2files - /remote/apps-sftpxfr
Error: /Stage[main]/Sshfs::Client::Mount/File[/remote/apps-sftpxfr]/mode: change from '0755' to '0775' failed: failed to set mode 0755 on /remote/apps-sftpxfr: Permission denied @ apply2files - /remote/apps-sftpxfr (corrective)

I believe that this is due to the hardcoded permissions mode of 0775 in manifests/client/mount.pp:

  file { $sshfs::client::local_mount_point:
    ensure => directory,
    owner  => $sshfs::client::local_share_user_name,
    group  => $sshfs::client::local_share_group_name,
    mode   => '0775',
  }

I'll create a pull request to change this to a variable (defaulting to 0775).

Thanks!

SSH Private key exposed in puppet run

I create a client mount with puppet code such as:

class profiles::example {
  $sftp_storage_private_key = lookup('profiles::example::sftp_storage_private_key')

  class { '::sshfs::client':
    local_mount_point        => '/mnt/example',
    manage_private_key       => true,
    private_key_path         => '/root/credentials/sshfs.key',
    remote_share_host        => 'server.example.com',
    remote_share_path        => '/',
    remote_share_user_name   => 'example',
    private_key              => $sftp_storage_private_key
  }
}

The output from the puppet agent run includes the cleartext private key. I've generated a throwaway private key for this issue report.

Notice: /Stage[main]/Sshfs::Client::User/File[/root/credentials/sshfs.key]/content:
--- /root/credentials/sshfs.key        2022-01-31 17:01:25.664174962 +0000
+++ /tmp/puppet-file20220131-126323-uhhuq1      2022-01-31 17:01:43.275610991 +0000
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+-----END RSA PRIVATE KEY-----
\ No newline at end of file

I suggest adding show_diff => false to manifests/client/user.pp:

    file { $sshfs::client::private_key_path:
      ensure    => file,
      content   => $sshfs::client::private_key,
      owner     => 'root',
      group     => 'root',
      mode      => '0400',
      require   => [ File[$key_path] ],
      show_diff => false,
    }

This will result in output similar to:

Notice: /Stage[main]/Sshfs::Client::User/File[/root/credentials/sshfs.key]/content: content changed '{sha256}e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' to '{sha256}76297943d84739a726fd786b0a84ab8611c526ca6abed627073bfd8816ba1e5f' (corrective)

I'll create a pull request for this change.

Thanks!
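
A check for whether earlier agent runs already wrote a key into saved output, as an added example that is not part of the original issue or the module: it flags PEM private-key blocks in Puppet agent output and builds a redacted copy that is safe to share. The `scan` function, the sample log and the placeholder text are assumptions made for illustration.

```python
import re

# Header Puppet prints before a file-content diff, e.g. ".../File[/path]/content:"
RESOURCE = re.compile(r"^Notice: /Stage\[.*?/File\[(?P<path>[^\]]+)\]/content:")
BEGIN = re.compile(r"^\+?-----BEGIN (?P<kind>(?:[A-Z0-9]+ )*PRIVATE KEY)-----")
END = re.compile(r"^\+?-----END (?:[A-Z0-9]+ )*PRIVATE KEY-----")
LOGLINE = re.compile(r"^(Debug|Info|Notice|Warning|Error): ")

def scan(lines):
    """Return (findings, redacted_lines) for Puppet agent output lines."""
    findings, redacted = [], []
    current_path, in_key = None, False
    for number, line in enumerate(lines, start=1):
        line = line.rstrip("\n")
        if in_key:
            if END.match(line):
                in_key = False
                redacted.append(line)
                continue
            if not LOGLINE.match(line):
                continue  # key body: never copied into the redacted output
            in_key = False  # log was cut off before the END marker
        header = RESOURCE.match(line)
        if header:
            current_path = header.group("path")
        begin = BEGIN.match(line)
        if begin:
            in_key = True
            findings.append({"line": number, "file": current_path,
                             "kind": begin.group("kind")})
            redacted += [line, "[key material redacted]"]
            continue
        redacted.append(line)
    return findings, redacted

# Constructed sample in the shape of the output quoted above; the key body
# lines are placeholders, not key material.
SAMPLE = """\
Notice: /Stage[main]/Sshfs::Client::User/File[/root/credentials/sshfs.key]/content:
--- /root/credentials/sshfs.key
+++ /tmp/puppet-file-constructed
@@ -0,0 +1,4 @@
+-----BEGIN RSA PRIVATE KEY-----
+CONSTRUCTEDplaceholderLINEone
+CONSTRUCTEDplaceholderLINEtwo
+-----END RSA PRIVATE KEY-----
\\ No newline at end of file
Notice: Applied catalog in 1.23 seconds
""".splitlines()
```

Any key that `scan` reports should be treated as disclosed to everyone who can read that log or report, and rotated.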
