Setting file permssions in the execution phase


#1

Hi I’m quite new to Chef and I’m struggling to set some file permissions
using the following cookbook. I’m using ‘ark’ to install Tomcat (I know
there is a ‘Tomcat’ cookbook however this always pulls in the OpenJDK and I
want to use Oracle’s JDK).

The .tar.gz file is extracted OK however I’m unable to start Tomcat as the
permissions in /usr/local/tomcat/conf have restricted permissions (read and
write permissions for the file owner only).

I have tried using the Chef ‘file’ and ‘directory’ resources to update the
permissions but these don’t seem to have any effect. Does the code below
update permissons in the compile phase or the execution phase? If so what
is the correct way to do this (to update permissions after the ark action
has executed).

ark “tomcat” do
url '
http://mirrors.ukfast.co.uk/sites/ftp.apache.org/tomcat/tomcat-7/v7.0.50/bin/apache-tomcat-7.0.50.tar.gz

mode 0755
#version ‘2.2.0’

test this checksum works…

#checksum ‘18688f15ade6aa1aff510ff1b5990979 *apache-tomcat-7.0.50.zip’
#try adding path attribute…
action :install
end

#["/usr/local/tomcat/logs", “/usr/local/tomcat/conf”].each do | path |

directory path do

mode 0777

recursive true

end

#end

#update permissons on tomcat conf files…
Dir[ “/usr/local/tomcat/conf/**” ].each do |path|
file path do
mode "0755"
action :touch
end
end

Thanks,
Richard.


#2

On Tuesday, February 11, 2014 at 1:24 AM, Richard Murray wrote:

Hi I’m quite new to Chef and I’m struggling to set some file permissions using the following cookbook. I’m using ‘ark’ to install Tomcat (I know there is a ‘Tomcat’ cookbook however this always pulls in the OpenJDK and I want to use Oracle’s JDK).

The .tar.gz file is extracted OK however I’m unable to start Tomcat as the permissions in /usr/local/tomcat/conf have restricted permissions (read and write permissions for the file owner only).

I have tried using the Chef ‘file’ and ‘directory’ resources to update the permissions but these don’t seem to have any effect. Does the code below update permissons in the compile phase or the execution phase? If so what is the correct way to do this (to update permissions after the ark action has executed).

ark “tomcat” do
url 'http://mirrors.ukfast.co.uk/sites/ftp.apache.org/tomcat/tomcat-7/v7.0.50/bin/apache-tomcat-7.0.50.tar.gz
mode 0755
#version ‘2.2.0’

test this checksum works…

#checksum ‘18688f15ade6aa1aff510ff1b5990979 *apache-tomcat-7.0.50.zip’
#try adding path attribute…
action :install
end

#["/usr/local/tomcat/logs", “/usr/local/tomcat/conf”].each do | path |

directory path do

mode 0777

recursive true

end

#end

#update permissons on tomcat conf files…
Dir[ “/usr/local/tomcat/conf/**” ].each do |path|
file path do
mode "0755"
action :touch
end
end

Thanks,
Richard.

Use action :create rather than “touch” on the files. The :touch action is like the touch command, generally you only use it if something is watching the mtime or ctime of a file.


Daniel DeLeo


#3

Thanks for the suggestion. I’ve already tried using the :create action. I
think the problem is that this statement

Dir[ “/usr/local/tomcat/conf/**” ].each do |path|

is being evaludated at compile time (before the directory has been created
by the install action of the ark task.

I mananged to resolve my problem with permissions by setting an owner in
the ‘ark’ task, but would still be interested to know how I can avoid this
problem in future.

On 12 February 2014 02:04, Daniel DeLeo dan@kallistec.com wrote:

On Tuesday, February 11, 2014 at 1:24 AM, Richard Murray wrote:

Hi I’m quite new to Chef and I’m struggling to set some file permissions
using the following cookbook. I’m using ‘ark’ to install Tomcat (I know
there is a ‘Tomcat’ cookbook however this always pulls in the OpenJDK and I
want to use Oracle’s JDK).

The .tar.gz file is extracted OK however I’m unable to start Tomcat as the
permissions in /usr/local/tomcat/conf have restricted permissions (read and
write permissions for the file owner only).

I have tried using the Chef ‘file’ and ‘directory’ resources to update the
permissions but these don’t seem to have any effect. Does the code below
update permissons in the compile phase or the execution phase? If so what
is the correct way to do this (to update permissions after the ark action
has executed).

ark “tomcat” do
url '
http://mirrors.ukfast.co.uk/sites/ftp.apache.org/tomcat/tomcat-7/v7.0.50/bin/apache-tomcat-7.0.50.tar.gz

mode 0755
#version ‘2.2.0’

test this checksum works…

#checksum ‘18688f15ade6aa1aff510ff1b5990979 *apache-tomcat-7.0.50.zip’
#try adding path attribute…
action :install
end

#["/usr/local/tomcat/logs", “/usr/local/tomcat/conf”].each do | path |

directory path do

mode 0777

recursive true

end

#end

#update permissons on tomcat conf files…
Dir[ “/usr/local/tomcat/conf/**” ].each do |path|
file path do
mode "0755"
action :touch
end
end

Thanks,
Richard.

Use action :create rather than “touch” on the files. The :touch
action is like the touch command, generally you only use it if something is
watching the mtime or ctime of a file.


Daniel DeLeo


#4

Hello Richard,

I’m new to Chef myself but I think you should use a ruby_block resource.
See http://docs.opscode.com/resource_ruby_block.html for details.

Hope this helps,
Dennis Benzinger | hybris

On 11.02.2014 10:24, Richard Murray wrote:

Hi I’m quite new to Chef and I’m struggling to set some file
permissions using the following cookbook. I’m using ‘ark’ to install
Tomcat (I know there is a ‘Tomcat’ cookbook however this always pulls
in the OpenJDK and I want to use Oracle’s JDK).

The .tar.gz file is extracted OK however I’m unable to start Tomcat as
the permissions in /usr/local/tomcat/conf have restricted permissions
(read and write permissions for the file owner only).

I have tried using the Chef ‘file’ and ‘directory’ resources to update
the permissions but these don’t seem to have any effect. Does the
code below update permissons in the compile phase or the execution
phase? If so what is the correct way to do this (to update
permissions after the ark action has executed).

ark “tomcat” do
url
http://mirrors.ukfast.co.uk/sites/ftp.apache.org/tomcat/tomcat-7/v7.0.50/bin/apache-tomcat-7.0.50.tar.gz
mode 0755
#version ‘2.2.0’

test this checksum works…

#checksum ‘18688f15ade6aa1aff510ff1b5990979 *apache-tomcat-7.0.50.zip’
#try adding path attribute…
action :install
end
#["/usr/local/tomcat/logs", “/usr/local/tomcat/conf”].each do | path |
#directory path do
#mode 0777
#recursive true
#end
#end

#update permissons on tomcat conf files…
Dir[ “/usr/local/tomcat/conf/**” ].each do |path|
file path do
mode "0755"
action :touch
end
end

Thanks,
Richard.

Dennis Benzinger
Platform Automation Engineer
Managed Services

Nymphenburger Straße 86
80636 München, Deutschland
www.hybris.com http://www.hybris.com

Geschäftsführer:
Ariel Lüdi, Carsten Thoma, Moritz Zimmermann, Michael Zips

Amtsgericht:
München, HRB 124384


#5

I had a similar situation back in October (if you feel like going through
the mailing list archives). As Dennis said, a ruby_block resource is the
way to go. I ended up doing something like the following:

BEGIN CODE

Gotta set up the run context in order to create chef resources inside a

ruby_block
@events = Chef::EventDispatch::Dispatcher.new()
run_context = Chef::RunContext.new( node, @events )

For each directory that has files you want to update

[ ‘/directory/with/files/you/want/to/update/’,
’/another/directory/with/files/
’].each do |dir}
ruby_block “update #{dir}” do
action :create
block do
Dir[ “#{dir}” ].each do |path|
if File.file?(path)
curr_file = Chef::Resource::File.new( path, run_context )
curr_file.owner "foo"
curr_file.group "bar"
curr_file.mode "0640"
curr_file.run_action :create
end
end
end
end
end

END CODE

Hope this makes sense.

-Rob
On Wed, Feb 12, 2014 at 10:57 AM, Dennis Benzinger <
dennis.benzinger@hybris.com> wrote:

Hello Richard,

I’m new to Chef myself but I think you should use a ruby_block resource.
See http://docs.opscode.com/resource_ruby_block.html for details.

Hope this helps,
Dennis Benzinger | hybris

On 11.02.2014 10:24, Richard Murray wrote:

Hi I’m quite new to Chef and I’m struggling to set some file permissions
using the following cookbook. I’m using ‘ark’ to install Tomcat (I know
there is a ‘Tomcat’ cookbook however this always pulls in the OpenJDK and I
want to use Oracle’s JDK).

The .tar.gz file is extracted OK however I’m unable to start Tomcat as the
permissions in /usr/local/tomcat/conf have restricted permissions (read and
write permissions for the file owner only).

I have tried using the Chef ‘file’ and ‘directory’ resources to update the
permissions but these don’t seem to have any effect. Does the code below
update permissons in the compile phase or the execution phase? If so what
is the correct way to do this (to update permissions after the ark action
has executed).

ark “tomcat” do
url '
http://mirrors.ukfast.co.uk/sites/ftp.apache.org/tomcat/tomcat-7/v7.0.50/bin/apache-tomcat-7.0.50.tar.gz

mode 0755
#version ‘2.2.0’

test this checksum works…

#checksum ‘18688f15ade6aa1aff510ff1b5990979 *apache-tomcat-7.0.50.zip’
#try adding path attribute…
action :install
end

#["/usr/local/tomcat/logs", “/usr/local/tomcat/conf”].each do | path |

directory path do

mode 0777

recursive true

end

#end

#update permissons on tomcat conf files…
Dir[ “/usr/local/tomcat/conf/**” ].each do |path|
file path do
mode "0755"
action :touch
end
end

Thanks,
Richard.

Dennis Benzinger
Platform Automation Engineer
Managed Services

Nymphenburger Straße 86
80636 München, Deutschland
www.hybris.com

Geschäftsführer:
Ariel Lüdi, Carsten Thoma, Moritz Zimmermann, Michael Zips

Amtsgericht:
München, HRB 124384