diff --git a/ascend_deployer/ansible_plugin/ansible_log.py b/ascend_deployer/ansible_plugin/ansible_log.py index 503b94d354cf706a627be9c3302526c98fedab21..7d4d2f1cc9e1fa260a289ff3fb648135f8e749de 100644 --- a/ascend_deployer/ansible_plugin/ansible_log.py +++ b/ascend_deployer/ansible_plugin/ansible_log.py @@ -375,7 +375,7 @@ class BasicLogConfig(object): backupCount=5, encoding="UTF-8") if not os.path.exists(LOG_PATH): - os.makedirs(LOG_PATH) + os.makedirs(LOG_PATH, mode=0o750, exist_ok=True) if not os.path.exists(LOG_FILE): os.close(os.open(LOG_FILE, os.O_CREAT, stat.S_IRUSR | stat.S_IWUSR)) else: diff --git a/ascend_deployer/ansible_plugin/deploy_info_output_plugin.py b/ascend_deployer/ansible_plugin/deploy_info_output_plugin.py index 3a3ee184a13ff5491939e63bfeafe73c4ce0135e..8f475aeb2a9183744d03aa314698580624a467d0 100644 --- a/ascend_deployer/ansible_plugin/deploy_info_output_plugin.py +++ b/ascend_deployer/ansible_plugin/deploy_info_output_plugin.py @@ -626,7 +626,7 @@ class ProgressManager(object): if not self.need_output: return if not os.path.exists(DEPLOY_INFO_OUTPUT_DIR): - os.makedirs(DEPLOY_INFO_OUTPUT_DIR) + os.makedirs(DEPLOY_INFO_OUTPUT_DIR, mode=0o750, exist_ok=True) with open(self._PROGRESS_OUTPUT_PATH, "w") as output_fs: json.dump(self.get_deployer_progress_output().to_json(), output_fs, indent=4, ensure_ascii=False) diff --git a/ascend_deployer/downloader/downloader.py b/ascend_deployer/downloader/downloader.py index dd6bc6c4df7db5d16da75808309b6c7fff943e5e..50beea92980498b81118a73cdc210379cc3a9a6e 100644 --- a/ascend_deployer/downloader/downloader.py +++ b/ascend_deployer/downloader/downloader.py @@ -284,7 +284,7 @@ def download_dependency(os_list, software_list, download_path, check): download_res_output_json = os.path.join(DOWNLOAD_INFO_OUTPUT_DIR, "failed_download_result_{}_{}.json".format(os.getpid(), formatted_time)) if not os.path.exists(DOWNLOAD_INFO_OUTPUT_DIR): - os.makedirs(DOWNLOAD_INFO_OUTPUT_DIR) + os.makedirs(DOWNLOAD_INFO_OUTPUT_DIR, mode=0o750, exist_ok=True) download_cmd = "--os-list={} --download={}".format(",".join(os_list), ",".join(software_list)) download_info_json = {"download_cmd": download_cmd, "url_open_failed_list": url_open_failed_list, "failed_download_file_list": failed_download_file_list} diff --git a/ascend_deployer/large_scale_deployer.py b/ascend_deployer/large_scale_deployer.py index 2fd67cc307b5d641e30eabfa8b76824c31521ffe..5e54b7f36896022c665da5d013d323a14f942573 100644 --- a/ascend_deployer/large_scale_deployer.py +++ b/ascend_deployer/large_scale_deployer.py @@ -135,7 +135,7 @@ class LargeScaleDeployer: return if os.path.exists(LargeScalePath.REPORT_DIR): shutil.rmtree(LargeScalePath.REPORT_DIR) - os.makedirs(LargeScalePath.REPORT_DIR) + os.makedirs(LargeScalePath.REPORT_DIR, mode=0o750, exist_ok=True) report_file = os.path.join(LargeScalePath.REPORT_DIR, "host_deploy_report.csv") report_json = os.path.join(LargeScalePath.REPORT_DIR, "large_scale_deploy.json") with open(report_json, "w") as output_fs: diff --git a/ascend_deployer/library/generate_check_result_json.py b/ascend_deployer/library/generate_check_result_json.py index c0da1dd85f51a3b26f58808cdae8e3e45a3d10ed..05a169a3dc7c39ba5e7a34533c8fae9d14be6e53 100644 --- a/ascend_deployer/library/generate_check_result_json.py +++ b/ascend_deployer/library/generate_check_result_json.py @@ -142,7 +142,7 @@ class OutputCheck: @staticmethod def generate_check_result_json(check_output): if not os.path.exists(DEPLOY_INFO_OUTPUT_DIR): - os.makedirs(DEPLOY_INFO_OUTPUT_DIR) + os.makedirs(DEPLOY_INFO_OUTPUT_DIR, mode=0o750, exist_ok=True) with open(CHECK_RES_OUTPUT_PATH, "w") as output_fs: json.dump(check_output, output_fs, indent=4, ensure_ascii=False) diff --git a/ascend_deployer/library/install_fault_diag.py b/ascend_deployer/library/install_fault_diag.py index ea5b5bbd8e44c6e9a60777e150d631896193bc2c..0fb616aa83f58f1f614f1fdef0f6a0b47b663a4a 100644 --- a/ascend_deployer/library/install_fault_diag.py +++ b/ascend_deployer/library/install_fault_diag.py @@ -153,7 +153,7 @@ class FaultDiagInstaller(object): venv_pip_path = os.path.join(venv_bin_dir, "pip3") fd_install_dir = self._find_fd_site_package_dir(venv_pip_path) if not os.path.exists(self.dist_tmp_dir): - os.makedirs(self.dist_tmp_dir) + os.makedirs(self.dist_tmp_dir, mode=0o750, exist_ok=True) cmd = """ {} --onefile {} \ --hidden-import=ascend_fd \ diff --git a/ascend_deployer/library/label_node.py b/ascend_deployer/library/label_node.py index 6a64e673aa0f5e9f79b469bf45ce009bc92b477f..4344334292d5f126eddc061e9b0c10719acd22c1 100644 --- a/ascend_deployer/library/label_node.py +++ b/ascend_deployer/library/label_node.py @@ -55,7 +55,7 @@ class LabelNode: self.facts = dict() self.label_yaml_dir = os.path.join(path_manager.TmpPath.DL_YAML_DIR, "label") if not os.path.exists(self.label_yaml_dir): - os.makedirs(self.label_yaml_dir) + os.makedirs(self.label_yaml_dir, mode=0o750, exist_ok=True) def _get_noded_label(self): if self.noded_label == "on" or "noded" in self.tags or "dl" in self.tags: diff --git a/ascend_deployer/library/process_test_report.py b/ascend_deployer/library/process_test_report.py index 247c5c25635c0f2d190aafae2b509b181ea18538..883f9e39680f7102f837a3bcf00974590b207a97 100644 --- a/ascend_deployer/library/process_test_report.py +++ b/ascend_deployer/library/process_test_report.py @@ -88,7 +88,7 @@ def output_test_result_json(cann_result, dl_result): if os.path.exists(TmpPath.TEST_REPORT_JSON): os.remove(TmpPath.TEST_REPORT_JSON) if not os.path.exists(TmpPath.DEPLOY_INFO): - os.makedirs(TmpPath.DEPLOY_INFO) + os.makedirs(TmpPath.DEPLOY_INFO, mode=0o750, exist_ok=True) to_json(TmpPath.TEST_REPORT_JSON, TestReport.ASCEND_SOFTWARE_TEST_REPORT, cann_result) to_json(TmpPath.TEST_REPORT_JSON, TestReport.DL_TEST_REPORT, dl_result) diff --git a/ascend_deployer/library/system_report.py b/ascend_deployer/library/system_report.py index 21828b243c650e8a4896c1854bc0b2e6f17f7292..d8964edfd46ed2edbcedce83d83ccb5ac64928ab 100644 --- a/ascend_deployer/library/system_report.py +++ b/ascend_deployer/library/system_report.py @@ -259,7 +259,7 @@ def main(): only_package = module.params["only_package"] if os.path.exists(os.path.expanduser("~/smartkit/reports/")): shutil.rmtree(os.path.expanduser("~/smartkit/reports/")) - os.makedirs(os.path.expanduser("~/smartkit/reports")) + os.makedirs(os.path.expanduser("~/smartkit/reports"), mode=0o750, exist_ok=True) app_info = collect_app_info() if only_package: diff --git a/ascend_deployer/module_utils/path_manager.py b/ascend_deployer/module_utils/path_manager.py index 82ee261cd30502b39c90c37224d4205ae66797dd..c98a85a8c95ec11bda159e609487e22c86e9017a 100644 --- a/ascend_deployer/module_utils/path_manager.py +++ b/ascend_deployer/module_utils/path_manager.py @@ -135,7 +135,7 @@ class PathManager: def recover_dir(cls, dir_path): if os.path.exists(dir_path): shutil.rmtree(dir_path) - os.makedirs(dir_path, exist_ok=True) + os.makedirs(dir_path, mode=0o750, exist_ok=True) @classmethod def init_large_scale_dirs(cls): diff --git a/ascend_deployer/scripts/nexus.py b/ascend_deployer/scripts/nexus.py index d6c842ff82680b3c528a3eb730dbae28bf5e10f9..1822011d975eb5e8a95272e1b7fac19fbfaef1ce 100644 --- a/ascend_deployer/scripts/nexus.py +++ b/ascend_deployer/scripts/nexus.py @@ -75,6 +75,7 @@ class OsRepository: os.environ.pop("https_proxy", "") with open(self.config, "r") as f: self.config_content = json.load(f) + os.chmod(self.config, 0o640) self.nexus_data_dir = os.path.join("/tmp", "nexus-data") self.nexus_image_name = self.config_content.get("image") nexus_dir = os.path.join(ROOT_PATH, "resources", "nexus") @@ -312,7 +313,9 @@ class AptRepository(OsRepository): if os.path.exists(centos_release): export_private_key_cmd = "gpg -a -o {} --export-secret-key nexus".format(gpg_pri_key) self._run_cmd(export_public_key_cmd) + os.chmod(gpg_pub_key, 0o644) self._run_cmd(export_private_key_cmd, log=False) + os.chmod(gpg_pri_key, 0o600) with open(gpg_pri_key, "r") as f: gpg_pri_content = f.read() return gpg_pri_content diff --git a/ascend_deployer/start_deploy.py b/ascend_deployer/start_deploy.py index 6353fe666dd9379345ec7736a38a3cf253c73bc6..403a5c12de40aee462510f9647c8b83a394afe42 100644 --- a/ascend_deployer/start_deploy.py +++ b/ascend_deployer/start_deploy.py @@ -265,7 +265,7 @@ class CLI(object): {"localhost": { "check_res_list": [check_res]}}} if not os.path.exists(TmpPath.DEPLOY_INFO): - os.makedirs(TmpPath.DEPLOY_INFO) + os.makedirs(TmpPath.DEPLOY_INFO, mode=0o750, exist_ok=True) with codecs.open(TmpPath.CHECK_RES_OUTPUT_JSON, 'w', encoding='utf-8') as file: json.dump(error_info, file, indent=4, ensure_ascii=False) raise diff --git a/packages/resources/setup.py b/packages/resources/setup.py index 948c801b40af03a2a6acaa7d6e2be4aba50cfc96..e68afd7d902437a1e8b39af7140b2f512c7b3899 100644 --- a/packages/resources/setup.py +++ b/packages/resources/setup.py @@ -151,7 +151,7 @@ class Install(setuptools.command.install.install, object): def run(self): print("run installing {}".format(local_file)) if not os.path.exists(package_dir): - os.makedirs(package_dir) + os.makedirs(package_dir, mode=0o750, exist_ok=True) download_url(select_url, sha256sum, local_file) if os.path.exists(local_file): install_zip_file(local_file)