Hi all. First post from a cfengine n00b, please be gentle! I'm trying to set a random mysql root password, and write it to ~root/.my.cnf.
My problem is that I set $(newpass) with a shell call to makepasswd, and then use it twice. My first use of $(newpass) is in a command, during pass 1. The second use of $(newpass) is in a file edit, during pass 2. In between, $(newpass) has been set to a different value, which means that the password written to .my.cnf and the actual password in mysql now differ.

So, is there some way to restrict a variable to only be set in pass 1? I've tried policy=constant, which doesn't appear to make any difference. Or am I going about it completely the wrong way - is there some more stable way to generate a password?

My idea was something like:

- set $newpass to be the output from 'makepasswd'
- run "/usr/bin/mysqladmin status"; if it succeeds, exit
- if it fails, run "/usr/bin/mysqladmin --password= password $newpass"
- if it succeeds, write $newpass to ~root/.my.cnf

Essentially, I'm trying to do something like http://projects.puppetlabs.com/projects/1/wiki/My_Sql_Server_Patterns but with a randomly generated password.

I'm server and client on Debian squeeze, with the cfengine packages from testing (v3.1.5).
My code looks like:

    bundle agent app_db_mysql_mycnf
    {
    vars:
      "mycnf" string => "root/.my.cnf";
      # Generated password, used by both promises below
      "newpass" string => execresult("/usr/bin/makepasswd --chars 12","noshell"),
        policy => "constant";

    commands:
      # Check whether root can already log in
      "/usr/bin/mysqladmin status"
        handle => "check_mysql_root_pwd",
        comment => "Check mysql root password",
        repair_failed => { "set_mysql_root_from_null" };

     set_mysql_root_from_null::
      "/usr/bin/mysqladmin --password= password $(newpass)"
        handle => "set_mysql_root_from_null",
        comment => "Set Mysql root password if it is null to $(newpass)",
        promise_repaired => { "update_mycnf" };

    files:
     update_mycnf::
      # Record the password in root's client config
      "/$(mycnf)"
        handle => "update_mycnf",
        comment => "Add the new password to my_cnf",
        perms => mog("0600", "root", "root"),
        edit_line => section_config("client","password","$(newpass)");
    }

A typical run looks like:

    cf3> Promise handle: set_mysql_root_from_null
    cf3> Promise made by: /usr/bin/mysqladmin --password= password LCtCv8XDpmJM
    cf3>
    cf3> Comment: Set Mysql root password if it is null to LCtCv8XDpmJM
    cf3> .........................................................
    cf3>
    cf3> -> Executing '/usr/bin/mysqladmin --password= password LCtCv8XDpmJM' ...(timeout=-678,owner=-1,group=-1)
    cf3> -> (Setting umask to 77)
    cf3> -> Finished command related to promiser "/usr/bin/mysqladmin --password= password LCtCv8XDpmJM" -- succeeded
    cf3> -> Completed execution of /usr/bin/mysqladmin --password= password LCtCv8XDpmJM
    cf3>
    cf3> =========================================================
    cf3> vars in bundle app_db_mysql_mycnf (2)
    cf3> =========================================================
    cf3>
    cf3> !! Duplicate selection of value for variable "newpass" in scope app_db_mysql_mycnf
    cf3> !! Rule from /var/lib/cfengine3/inputs/site/app_db_mysql_mycnf.cf at/before line 45
    cf3>
    cf3> + Private classes augmented:
    cf3>
    cf3> - Private classes diminished:
    cf3>
    cf3>
    cf3>
    cf3> =========================================================
    cf3> files in bundle app_db_mysql_mycnf (2)
    cf3> =========================================================
    cf3>
    cf3>
    cf3> .........................................................
    cf3> Promise handle: update_mycnf
    cf3> Promise made by: /root/.my.cnf
    cf3>
    cf3> Comment: Add the new password to my_cnf
    cf3> .........................................................
    cf3>
    cf3> -> Using literal pathtype for /root/.my.cnf
    cf3> -> Handling file existence constraints on /root/.my.cnf
    cf3> -> File permissions on /root/.my.cnf as promised
    cf3> -> Handling file existence constraints on /root/.my.cnf
    cf3> -> File permissions on /root/.my.cnf as promised
    cf3> -> Handling file edits in edit_line bundle section_config
    cf3>
    cf3> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    cf3> BUNDLE section_config( {'client','password','CxKRfeHX0Fp3'} )
    cf3> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    cf3>

Cheers
Simon
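
The check / generate once / set / record sequence described in the message, as an added shell example (not part of the original post and not CFEngine policy). It reads /dev/urandom in place of makepasswd, and the MYCNF and MYSQLADMIN overrides are assumptions of this sketch so the logic can be exercised against a stub.

```shell
#!/bin/sh
# Added example, not the poster's policy. MYCNF and MYSQLADMIN are overridable
# (an assumption of this sketch) so the logic can be run without a real server.
MYCNF="${MYCNF:-/root/.my.cnf}"
MYSQLADMIN="${MYSQLADMIN:-/usr/bin/mysqladmin}"

gen_password() {
    # 12 alphanumeric characters from the kernel CSPRNG (stands in for makepasswd).
    head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-12
}

write_mycnf() {
    # $1 = password. Write a 0600 temp file and rename it into place, so the
    # file is never partial or world-readable. Replaces any existing file.
    ( umask 077
      tmp="$MYCNF.tmp.$$"
      printf '[client]\npassword=%s\n' "$1" > "$tmp" && mv -f "$tmp" "$MYCNF" )
}

set_root_password() {
    # Step 1: stored credentials already work, so change nothing (idempotent).
    if "$MYSQLADMIN" --defaults-file="$MYCNF" status >/dev/null 2>&1; then
        return 0
    fi
    # Step 2: generate exactly once; every later step reuses this one value.
    pw=$(gen_password) || return 1
    [ "${#pw}" -eq 12 ] || return 1
    # Step 3: set it from the empty password, as in the post. The new password
    # is visible in the process list while this command runs.
    "$MYSQLADMIN" --password= password "$pw" >/dev/null 2>&1 || return 1
    # Step 4: record the same value, and only after MySQL accepted it.
    write_mycnf "$pw"
}

# Nothing runs unless the script is invoked with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    set_root_password
fi
```

If the server is down, step 3 fails and nothing is written, so the next run starts again from step 1 with a fresh password.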
