Use rsync to copy pack contents #415
Conversation
pull-request-size
bot
added
the
size/M
There was a problem hiding this comment.
Either we do something like this, or we make the command configurable via values.
Maybe .utility.rsync = "rsync -rlp". That would mean the user would have to update this if they needed to switch to "cp". Or we keep both, but allow specifying the args.
utility:
rsync: "rsync -a"
cp: "cp -aR"utility:
rsync: "rsync -rlE"
cp: "cp -dR --preserve=mode"The gotcha with making it configurable is that people could forget to include recursive, symlinks, and preserving execute bits.
templates/_helpers.tpl
Outdated
| /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared | ||
| - > | ||
| if command rsync; then | ||
| rsync -a /opt/stackstorm/packs/. /opt/stackstorm/packs-shared && |
There was a problem hiding this comment.
-a is equivalent to -rlptgoD: https://www.mankier.com/1/rsync#--archive
-r: copy directories recursively-l: recreate symlinks in destination-p: permissions-t: modification times-g: copy gid (group id) by name-o: copy oid (owner id) by name-D: devices (character and block) and specials (sockets, fifos, etc)
Of those, I'm confident we need -rlp or -rlE (where -E is short for --executability, a subset of -p). Depending on which user is running this, we might also want -og. The other parts of -a are probably not necessary.
There was a problem hiding this comment.
I think I'll push a commit that switches to -rlptD based on rsync...Stealthii:stackstorm-k8s:rsync
templates/_helpers.tpl
Outdated
| rsync -a /opt/stackstorm/packs/. /opt/stackstorm/packs-shared && | ||
| rsync -a /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared; | ||
| else | ||
| /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared && |
There was a problem hiding this comment.
-a is equivalent to -dR --preserve=all:
-d: is equivalent to-P --preserve=links-P: no dereference / never follow symbolic links in SOURCE-R: copy directories recursively--preserve=all: preserve file attributesmodeownershipfor user and grouptimestampslinksfor hard linkscontextfor security contextxattrfor extended attributes
Of these we need -dR --preserve=mode (we need mode to maintain the execute bits of action files). Depending on which user is copying the file, we might also need --preserve=ownership.
There was a problem hiding this comment.
I think I'll push a commit that switches to -RP --preserve=mode,timestamps,links,xattr based on rsync...Stealthii:stackstorm-k8s:rsync
|
In an attempt to solve the ownership issue that blocks #400, we should only preserve the file attributes that matter for this purpose. I've updated a fork of this branch with proposed changes that once verified, could be brought into this PR. |
This change aims to preserve file attributes when copying via rsync or cp, without ownership to enable environments where containers are ran without root privileges. Co-authored-by: Daniel Porter <[email protected]>
Closes #245