9 changes: 0 additions & 9 deletions README.md
Expand Up @@ -395,15 +395,6 @@ in this case, just run `ssh-keygen -R "mail.example.org"` as recommended.
Postfix and Dovecot are disabled for now; we will enable them later.
We first need to make the new site fully operational.

3. On the new site, run the following to ensure the ownership is correct in case UIDs/GIDs changed:

```
chown root: -R /var/lib/acme
chown opendkim: -R /etc/dkimkeys
chown vmail: -R /home/vmail/mail
chown echobot: -R /run/echobot
```

4. Now, update DNS entries.

If other MTAs try to deliver messages to your chatmail domain they may fail intermittently,
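
Review bot: the list numbering is left inconsistent here: with step 3 deleted, the next item still reads `4. Now, update DNS entries.`, so the raw README skips a number. Renumber the remaining steps. Also, if the automated ownership fix ends up gated or moved to a separate command, this section should say how to invoke it, since the manual `chown` instructions are gone.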
14 changes: 14 additions & 0 deletions cmdeploy/src/cmdeploy/__init__.py
Expand Up @@ -748,6 +748,20 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
_remove_rspamd()
opendkim_need_restart = _configure_opendkim(mail_domain, "opendkim")

#
# If this system is pre-populated with data from a previous instance,
# we might need to adjust ownership of files.
#
stateful_paths = {
"/etc/dkimkeys": "opendkim",
"/home/vmail/mail": "vmail",

@missytake missytake Aug 16, 2025

I just realized - /home/vmail/mail can be very large. On large instances, chowning it can take several minutes (e.g. almost 48 minutes on nine.testrun.org); not something we should call on every cmdeploy run.

I suggest that we only call the chown steps when --disable-mail was passed? Then they will not be executed during every deploy.

Collaborator Author

I suspected this could be high overhead on a server like that, so I agree that we should make this something that runs outside the normal operational flow. It seems like there are probably other use cases for --disable-mail where you still wouldn't want to incur that 48-minute overhead, so I'm starting to think we need a different "verb" for fixing up the state of a migrated server, to be called as a separate step. Or we just keep those steps manual in the docs.

Thanks for submitting the issue in pyinfra!

"/run/echobot": "echobot",
"/var/lib/acme": "root",
}
for stateful_path, path_owner in stateful_paths.items():
files.directory(stateful_path) # In case it doesn't exist yet.
server.shell("chown {}: -R {}".format(path_owner, stateful_path))

systemd.service(
name="Start and enable OpenDKIM",
service="opendkim.service",
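
Review bot: the `server.shell("chown {}: -R {}".format(path_owner, stateful_path))` call in the loop is unconditional, so every `deploy_chatmail` run walks each of the four trees in full and reports a change even when ownership is already correct. Guard it, for example by comparing the owner of the top-level directory first or by running it only from an explicit migration step. Separately, `files.directory(stateful_path)` is called without `user=`, so a directory that does not exist yet is created with default ownership and only corrected by the shell command afterwards; passing `user=path_owner` there would make the intent explicit. The shell operation also has no `name=`, unlike the `systemd.service` call below it, which makes the deploy output harder to read.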