Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

message : The source_permissions parameter is deprecated #315

Open
Dan33l opened this issue Dec 4, 2018 · 4 comments · Fixed by vshn/puppet-openvpn#3
Open

message : The source_permissions parameter is deprecated #315

Dan33l opened this issue Dec 4, 2018 · 4 comments · Fixed by vshn/puppet-openvpn#3
Labels
enhancement New feature or request

Comments

@Dan33l
Copy link
Member

Dan33l commented Dec 4, 2018
edited
Loading

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5 or 6
  • Ruby:
  • Distribution: any
  • Module version: 7.4.0

How to reproduce (e.g Puppet code you use)

What are you seeing

We are using file resource with source_permissions attribute here :
https://github.com/voxpupuli/puppet-openvpn/blob/master/manifests/ca.pp#L63

It looks to do the expected job and docs about types does not show deprecation message.

The deprecation message is relevant :
https://tickets.puppetlabs.com/browse/PUP-9332

What behaviour did you expect instead

no deprecation message

Output log

$> puppet apply --verbose --detailed-exitcodes /tmp/apply_manifest.pp.3BVJmE
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for vpnserver in environment production in 0.21 seconds
Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
(file: /etc/puppetlabs/code/modules/openvpn/manifests/ca.pp, line: 59)
Info: Applying configuration version '1543266749'

Any additional information you'd like to impart

Probably, it should be possible to use https://github.com/puppetlabs/puppetlabs-rsync , instead of file resource.
@juniorsysadmin juniorsysadmin added the enhancement New feature or request label Dec 5, 2018
@Dan33l Dan33l mentioned this issue May 15, 2019
Closed
@jkroepke jkroepke mentioned this issue Nov 9, 2019
Closed
@TheBigLee TheBigLee mentioned this issue Dec 13, 2019
Merged
@jkroepke
Copy link
Contributor

There is no requirement to copy the easyrsa files to /etc/openvpn/<server>/easyrsa.

Last week I tested easyrsa 3 and the possible to generate a whole PKI while easyrsa is still in /usr/share/easyrsa

If easyrsa is not copied anymore, the deprecated is gone, too.

@Dan33l
Copy link
Member Author

Dan33l commented Jan 20, 2020

Interesting, thank you @jkroepke .
Since we support OSes that provides version 2, does it works also with easyrsa 2 too ?

@jkroepke
Copy link
Contributor

Technically yes (untested).
https://github.com/OpenVPN/easy-rsa-old/blob/105a02011116fc1500e42fd28fa50d9f0fc6e295/easy-rsa/2.0/vars#L39

But the commentary of easyrsa explains that the entire easyrsa should be copied otherwise all keys? are lost.

It might be true, if the keys are also created in /usr/share/easyrsa but if the PKI root is outside this folder any file inside the pki should not deleted by a rpm upgrade.

https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L3

@Dan33l
Copy link
Member Author

Dan33l commented Mar 5, 2020

The source_permissions parameter will be undeprecated :
https://tickets.puppetlabs.com/browse/PUP-10253

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
3 participants
@jkroepke @juniorsysadmin @Dan33l