Hello Simon,

Welcome to the wonderful world of CFEngine. I'm afraid I don't have your 
makepasswd function handy, but I can do this (taking away the policy 
statement):

body common control
{
bundlesequence => { "check_user_files" };
inputs => { "cfengine_stdlib.cf" };
}

bundle agent check_user_files
{
vars:

     "newpass" int => randomint("1","8"),
      policy => "free";

commands:

  "/bin/echo $(newpass)";

reports:
  !kjsad::

  "GOT $(newpass)";
}

And I see a consistent value, used only once. The multiple values you 
see with "static" come about because CFEngine wants to re-call the same 
function but it is not allowed to converge. I'll look into why this is 
rather counter-intuitive and see if something needs changing.

Good luck with CFEngine -- so much better than that other thing you 
mentioned ;-)

M


On 27/07/11 13:55, Simon Blake wrote:
> Hi all.  First post from a cfengine n00b, please be gentle!
>
> I'm trying to set a random mysql root password, and write it to
> ~root/.my.cnf.
>
> My problem is that I set $(newpass) with a shell call to makepasswd, and
> then use it twice.  My first use of $(newpass) is in a command, during
> pass 1.  The second use of $(newpass) is in a file edit, during pass 2.
> In between, $(newpass) has been set to a different value, which means
> that the password written to .my.cnf and the actual password in mysql
> now differ.
>
> So, is there some way to restrict a variable to only be set in pass 1?
> I've tried policy=constant, which doesn't appear to make any difference.
> Or am I going about it completely the wrong way - is there some more
> stable way to generate a password?
>
> My idea was something like
>
> set $newpass to be the output from 'makepasswd'
> run "/usr/bin/mysqladmin status", if it succeeds, exit, if it fails,
> run "/usr/bin/mysqladmin --password= password $newpass", if it succeeds,
>   write $newpass to ~root/.my.cnf
>
> Essentially, I'm trying to do something like
>
> http://projects.puppetlabs.com/projects/1/wiki/My_Sql_Server_Patterns
>
> but with a randomly generated password.
>
> I'm server and client on Debian squeeze, with the cfengine packages from
> testing (v3.1.5).  My code looks like:
>
> bundle agent app_db_mysql_mycnf
> {
> vars:
>      "mycnf" string =>   "root/.my.cnf";
>
>      "newpass" string =>  execresult("/usr/bin/makepasswd --chars 12","noshell"),
>       policy =>  "constant";
>
> commands:
>
>      "/usr/bin/mysqladmin status"
>           handle =>  "check_mysql_root_pwd",
>          comment =>  "Check mysql root password",
>    repair_failed =>  { "set_mysql_root_from_null" };
>
>   set_mysql_root_from_null::
>      "/usr/bin/mysqladmin --password= password $(newpass)"
>           handle =>  "set_mysql_root_from_null",
>          comment =>  "Set Mysql root password if it is null to $(newpass)",
>    promise_repaired =>  { "update_mycnf" };
>
> files:
>
> update_mycnf::
>     "/$(mycnf)"
>     handle    =>  "update_mycnf",
>     comment   =>  "Add the new password to my_cnf",
>     perms     =>  mog("0600", "root", "root"),
>     edit_line =>  section_config("client","password","$(newpass)");
> }
>
> A typical run looks like:
>
> cf3>      Promise handle: set_mysql_root_from_null
> cf3>      Promise made by: /usr/bin/mysqladmin --password= password 
> LCtCv8XDpmJM
> cf3>
> cf3>      Comment:  Set Mysql root password if it is null to LCtCv8XDpmJM
> cf3>      .........................................................
> cf3>
> cf3>   ->  Executing '/usr/bin/mysqladmin --password= password LCtCv8XDpmJM' 
> ...(timeout=-678,owner=-1,group=-1)
> cf3>   ->  (Setting umask to 77)
> cf3>   ->  Finished command related to promiser "/usr/bin/mysqladmin 
> --password= password LCtCv8XDpmJM" -- succeeded
> cf3>   ->  Completed execution of /usr/bin/mysqladmin --password= password 
> LCtCv8XDpmJM
> cf3>
> cf3>     =========================================================
> cf3>     vars in bundle app_db_mysql_mycnf (2)
> cf3>     =========================================================
> cf3>
> cf3>   !! Duplicate selection of value for variable "newpass" in scope 
> app_db_mysql_mycnf
> cf3>   !! Rule from /var/lib/cfengine3/inputs/site/app_db_mysql_mycnf.cf 
> at/before line 45
> cf3>
> cf3>       +  Private classes augmented:
> cf3>
> cf3>       -  Private classes diminished:
> cf3>
> cf3>
> cf3>
> cf3>     =========================================================
> cf3>     files in bundle app_db_mysql_mycnf (2)
> cf3>     =========================================================
> cf3>
> cf3>
> cf3>      .........................................................
> cf3>      Promise handle: update_mycnf
> cf3>      Promise made by: /root/.my.cnf
> cf3>
> cf3>      Comment:  Add the new password to my_cnf
> cf3>      .........................................................
> cf3>
> cf3>   ->  Using literal pathtype for /root/.my.cnf
> cf3>   ->  Handling file existence constraints on /root/.my.cnf
> cf3>   ->  File permissions on /root/.my.cnf as promised
> cf3>   ->  Handling file existence constraints on /root/.my.cnf
> cf3>   ->  File permissions on /root/.my.cnf as promised
> cf3>   ->  Handling file edits in edit_line bundle section_config
> cf3>
> cf3>        * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> cf3>        BUNDLE section_config( {'client','password','CxKRfeHX0Fp3'} )
> cf3>        * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> cf3>
>
> Cheers
> Simon
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
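
An added example, not code from either poster or from CFEngine: one answer to the "more stable way to generate a password" question is to make the generator itself idempotent, so that every pass that re-calls it through execresult() gets the same value back. The function name `stable_secret`, the store path passed to it, and the use of /dev/urandom in place of makepasswd are assumptions of this example.

```shell
#!/bin/sh
# stable_secret FILE [LENGTH]
# Prints the secret stored in FILE, generating and storing it on first use.
# Repeated calls (for example one per agent pass) always print the same value.
stable_secret() {
    file=$1
    len=${2:-12}
    if [ ! -e "$file" ]; then
        (
            umask 077
            # Write to a private temp file first so FILE never holds a
            # half-written secret; mktemp creates it with mode 0600.
            tmp=$(mktemp "$file.XXXXXX") || exit 1
            # Alphanumerics from the kernel CSPRNG (stand-in for makepasswd).
            LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len" > "$tmp"
            # ln refuses to overwrite, so a concurrent run that got there
            # first keeps its secret and ours is simply discarded.
            ln "$tmp" "$file" 2>/dev/null
            rm -f "$tmp"
        ) || return 1
    fi
    # Fail closed rather than hand back an empty password.
    [ -s "$file" ] || return 1
    cat "$file"
}

# When run as a script with arguments, act as the generator command.
[ "$#" -eq 0 ] || stable_secret "$@"
```

Installed under a path of your choosing and called in place of makepasswd, this gives the command promise and the file edit the same password on every pass. Note that the run output quoted above prints the password wherever $(newpass) appears in a promise comment or command line, so keep it out of comments.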