Re-own .bundle Directories on Servers #66833

Merged: Hamms merged 2 commits into staging from elijah/chown-.bundle-to-ubuntu, Jul 7, 2025

@Hamms Hamms commented Jul 1, 2025

Contributor

Currently, all of our persistent managed servers will generate .bundle subdirectories owned by the root user within the cookbooks and dashboard directories as a side effect of the CI build:

ubuntu@test:~/test$ find . -name .bundle -type d
./cookbooks/.bundle
./.bundle
./dashboard/.bundle
ubuntu@test:~/test$ ll | grep bundle
drwxr-xr-x  2 ubuntu ubuntu   4096 Jul  2 17:52 .bundle/
ubuntu@test:~/test$ ll cookbooks | grep bundle
drwxr-xr-x  2 root   root     4096 Feb  3  2024 .bundle/
ubuntu@test:~/test$ ll dashboard | grep bundle
drwxr-xr-x  2 root   root    4096 Feb  3  2024 .bundle/

This behavior also manifests on adhocs, although the cookbooks subdir will only show up after a second full build following the first initial build.

Currently, this behavior is messy but not technically problematic, since we do indeed execute (most of) our bundle install operations as the root user. That is bad practice, however, and particularly with the removal of the "auto-sudo" feature in bundler v2.4 we intend to start executing our bundle installs as the ubuntu user.

In preparation for that, this PR adds some logic to chef which will re-own those directories appropriately.

Testing story

To verify both that this change will apply cleanly to our existing persistent managed servers and that it will enable the desired switch, I followed this process:

  1. Spin up an adhoc based off of staging
  2. Trigger one additional ci_build after the adhoc has successfully spun up, which will create the root-owned .bundle directories as a side effect
  3. Merge and push this branch to the adhoc branch; after the local chef cookbooks get updated, manually run sudo chef-client -o cdo-apps from /var/chef to execute the changes, then trigger another build with start-build and verify that it succeeds.
  4. Repeat the previous step with the Install Bundled Gems in Deployment Mode #66536 to the adhoc branch

Follow-up work

Once this change has propagated to all appropriate servers, we can safely merge #66536.

Note that because of the order in which we execute things during a CI build, we specifically need a chef-client run which executes this change to fully complete on the server before a CI build including the next change can begin.

@Hamms Hamms changed the title from "add basic chef script to automatically re-own existing .bundle directories" to "Re-own .bundle Directories on Servers" Jul 2, 2025
@Hamms Hamms marked this pull request as ready for review July 3, 2025 18:30
@Hamms Hamms requested a review from a team as a code owner July 3, 2025 18:30
@Hamms Hamms merged commit 6d7493f into staging Jul 7, 2025
6 checks passed
@Hamms Hamms deleted the elijah/chown-.bundle-to-ubuntu branch July 7, 2025 18:03
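
An ownership audit for the situation this PR describes, as an added example that is not part of the pull request or the project's cookbooks: it lists .bundle directories under a checkout that are not owned by the expected uid and prints, without running them, the chown commands that would re-own them. The function names and the uid/gid arguments are assumptions; pass the numeric ids of the user that should run bundle install.

```shell
#!/bin/sh
# Added example (not the project's chef code). Function names are hypothetical.

# List .bundle directories under ROOT ($1) whose owner is not uid $2.
# find does not follow symlinks by default, so a symlinked .bundle is skipped
# rather than audited through the link.
misowned_bundle_dirs() {
  find "$1" -type d -name .bundle ! -uid "$2" -print | LC_ALL=C sort
}

# Number of mis-owned .bundle directories; 0 means the re-own has propagated
# on this host and unprivileged bundle installs will not hit root-owned paths.
count_misowned() {
  misowned_bundle_dirs "$1" "$2" | wc -l | tr -d ' '
}

# Dry run: print the chown command for each mis-owned directory.
# $1 = root, $2 = expected uid, $3 = expected gid.
# -h changes a symlink itself instead of the file it points to, so a link
# planted inside .bundle cannot redirect the ownership change elsewhere.
plan_reown() {
  misowned_bundle_dirs "$1" "$2" | while IFS= read -r dir; do
    printf "chown -hR %s:%s '%s'\n" "$2" "$3" "$dir"
  done
}

# Stand-alone use: ./audit.sh ROOT UID GID
if [ "$#" -eq 3 ]; then
  plan_reown "$1" "$2" "$3"
  echo "mis-owned .bundle directories: $(count_misowned "$1" "$2")"
fi
```

Running this with a count of 0 on every server is one way to confirm the precondition stated under "Follow-up work" before the follow-up change is merged.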