untar fdi-image as proxy user/group #774
Conversation
|
@ekohl Is it possible to introduce |
jhoblitt
force-pushed
the
feature/fdi-ownership
branch
from
d6a96a8
to
99c0969
Compare
jhoblitt
force-pushed
the
feature/fdi-ownership
branch
2 times, most recently
from
ee13da7
to
b1e101f
Compare
There was a problem hiding this comment.
I'm unsure about adding a dependency since I like to keep the dependencies light. On the other hand, I do see the benefit of using checksums.
https://puppet.com/docs/puppet/7/type.html#file-attribute-checksum doesn't appear to be what you want and I can't determine if https://puppet.com/docs/puppet/7/type.html#file-attribute-checksum_value is either.
As this lookup may have useful for other/future acceptance tests.
To prevent fdi-image files from being chown'd on subsequent puppet agent runs.
jhoblitt
force-pushed
the
feature/fdi-ownership
branch
from
b1e101f
to
4d45394
Compare
I'm not sure how to use those params to achieve a digest validation of a downloaded file. I suppose it might be possible to use the path of downloaded file as the |
That is a good question. I don't think foreman tries to download and replace the image file so it could be |
|
Do you want me to change the ownership? |
|
I'd prefer root. The only downside is that |
|
I just ran into the current logic not unpackaging the tarball if the |
There was a problem hiding this comment.
Something else to consider: in theory it's also possible to build a proper package instead of having to retrieve a tarball. It's actually what we do in downstream and would align much better.
To open that discussion I started theforeman/foreman-packaging#8929.
| ).without( | ||
| ).that_requires('Exec[mkdir -p /tmp]') |
There was a problem hiding this comment.
| ).without( | |
| ).that_requires('Exec[mkdir -p /tmp]') | |
| ).that_requires('Exec[mkdir -p /tmp]') |
|
I general prefer using the package manager, when possible, but that is a bit of a heavy weight solution... I think we need to the ability to download images, at least for testing. |
I just ran into this as well when trying to update the FDI tar file. It's because of the Seems like the |
Previously, if you change the image_name (such as for updating the Foreman Discovery Image version), the new tar file would be downloaded but not untarred because the content of the previous tar file would be there and pass the `creates` check. If we use `refreshonly` instead of `creates`, the untar exec will be executed when the tar file is updated, as expected. See also: theforeman#774 (comment)
Previously, if you change the image_name (such as for updating the Foreman Discovery Image version), the new tar file would be downloaded but not untarred because the content of the previous tar file would be there and pass the `creates` check. If we use `refreshonly` instead of `creates`, the untar exec will be executed when the tar file is updated, as expected. See also: theforeman#774 (comment)
Previously, if you change the image_name (such as for updating the Foreman Discovery Image version), the new tar file would be downloaded but not untarred because the content of the previous tar file would be there and pass the `creates` check. If we use `refreshonly` instead of `creates`, the untar exec will be executed when the tar file is updated, as expected. See also: theforeman#774 (comment)
Previously, if you change the image_name (such as for updating the Foreman Discovery Image version), the new tar file would be downloaded but not untarred because the content of the previous tar file would be there and pass the `creates` check. If we use `refreshonly` instead of `creates`, the untar exec will be executed when the tar file is updated, as expected. See also: theforeman#774 (comment)
To prevent fdi-image files from being chown'd on subsequent puppet agent
runs.