Hi, I'm a newbie puppet user, and I'm facing some weird behaviour in my testing environment. I'm using Debian packages from testing/Wheezy (version 2.7.18) via apache+passenger installation. Also:
$ ruby -v ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux] I developed the following custom function (with some help from Google) to generate the shadow password of any new user: module Puppet::Parser::Functions newfunction(:shadow_pwd, :type => :rvalue) do |args| passwd = args[0] case args[1] when 'md5' algo = '$1$' when 'blowfish' algo = '$2$' when 'sha256' algo = '$5$' when 'sha512' algo = '$6$' end o = [('a'..'z'),('A'..'Z'),('0'..'9')].map{|i| i.to_a}.flatten salt = (0..8).map{ o[rand(o.length)] }.join hash = passwd.crypt(algo + salt) end end it takes two arguments, the cleartext password and the algorithm to encrypt it. So, with this setup, on every run of the puppet agent, a new shadow password was assigned to the user. Well, in fact it was always the same cleartext password, but as the salt was different on every run, the shadow password of the user was different too, and puppet updated the user password accordingly. Here comes a new class, puppet, to manage the agent configuration on every node. I chose to run puppet agent via cron task, and in order to prevent every agent try to get the catalog at the same time, I use the following code snippet (picket up online): $first = fqdn_rand(30) $second = $first + 30 cron {'puppet': command => '/usr/bin/puppet agent --no-daemon --onetime', user => 'root', minute => [$first,$second], ensure => present, require => Class['puppet::install'], } This works OK too, it creates a new task in the crontab file of user root, executing the command twice an hour, always on the same two minutes. But then I realized the shadow password of the users were not being updated anymore (only when I change the cleartext password). After some debugging, I found out that the salt was always the same! Further debugging led me to the definition of the fqdn_rand function, and the culprit seems to be this line: srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex) which sets the seed used for the rand function. After all this stuff, what should I do? Is it a bug in fqdn_rand? Because after using it, rand loses its randomness. Or, is it my fault for not setting the seed in my custom function? If so, how and where should a set the seed so it works as before using fqdn_rand? Thanks in advance for your answers. Greetings. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FjokplF1IuoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.