Getting a strange error for file resource when recursive=remote

asked 2017-05-09 02:29:02 -0600

Note - a puppet newbie here - any help is much appreciated :-)

We are getting a "Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Permission denied" whenever a file being accessed/referenced via the file resource (directive) "recurse = remote" function is not world readable on the puppet master. It does not appear to be a file owner/group thing - it appears that all files within the source tree actually require file level accessibility to be world readable (004 mask) on the master so to deploy the file within a recursive block to a node without the above error. This is on PE 3.8 CentOS 6.8.

Is this a bug? Is this a configuration setting? The thing is that this is a blocker for us - we would like to deploy a directory tree but the world permissions cannot have read access on the node once deployed.

huh?

Thanks in advance!

edit retag flag offensive close merge delete

Comments

What are the existing permissions on the files in that directory tree when it was failing to deploy? Generally speaking it shouldn't need to be world readable, just readable to the puppet master.

smarlow gravatar imagesmarlow ( 2017-05-09 11:04:09 -0600 )edit

I have tried many combinations of owner (root, peadmin, etc), group (root, peadmin, etc), and many different modes (including weird ones like (601, 411, ...) as well as the common ones (644, etc). The _only_ success is when the file is world readable. The parent dirs are all 775.

windoverwater gravatar imagewindoverwater ( 2017-05-09 14:41:39 -0600 )edit

p.s. the test case includes several files in the (files) source directory and below. All the files are world readable (so they deploy) except the file of interest - so to figure out what is specifically needed to deploy a file without world read-ability.

windoverwater gravatar imagewindoverwater ( 2017-05-09 14:47:39 -0600 )edit