Hi,

I'm a newbie puppet user, and I'm facing some weird behaviour in my testing 
environment.
I'm using Debian packages from testing/Wheezy (version 2.7.18) via an 
apache+passenger installation. Also:

$ ruby -v
ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux]

I developed the following custom function (with some help from Google) to 
generate the shadow password of any new user:

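module Puppet::Parser::Functions
  # shadow_pwd(cleartext, algorithm): returns a crypt(3) hash for the shadow file
  newfunction(:shadow_pwd, :type => :rvalue) do |args|
    passwd = args[0]
    # Map the algorithm name to its crypt(3) prefix
    case args[1]
    when 'md5'
      algo = '$1$'
    when 'blowfish'
      algo = '$2$'
    when 'sha256'
      algo = '$5$'
    when 'sha512'
      algo = '$6$'
    else
      # Without this branch algo stays nil and the concatenation below fails
      raise Puppet::ParseError, "shadow_pwd: unknown algorithm #{args[1].inspect}"
    end
    # Build a 9-character alphanumeric salt from Kernel#rand (the global PRNG)
    o = [('a'..'z'),('A'..'Z'),('0'..'9')].map{|i| i.to_a}.flatten
    salt = (0..8).map{ o[rand(o.length)] }.join
    hash = passwd.crypt(algo + salt)
  end
end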

It takes two arguments: the cleartext password and the algorithm to encrypt 
it.

So, with this setup, on every run of the puppet agent, a new shadow 
password was assigned to the user. Well, in fact it was always the same 
cleartext password, but as the salt was different on every run, the shadow 
password of the user was different too, and puppet updated the user 
password accordingly.

Here comes a new class, puppet, to manage the agent configuration on every 
node. I chose to run puppet agent via a cron task, and in order to prevent 
every agent from trying to get the catalog at the same time, I use the 
following code snippet (picked up online):

$first  = fqdn_rand(30)
$second = $first + 30
cron {'puppet':
  command => '/usr/bin/puppet agent --no-daemon --onetime',
  user    => 'root',
  minute  => [$first,$second],
  ensure  => present,
  require => Class['puppet::install'],
}

This works OK too, it creates a new task in the crontab file of user root, 
executing the command twice an hour, always on the same two minutes.

But then I realized the shadow passwords of the users were not being updated 
anymore (only when I change the cleartext password). After some debugging, 
I found out that the salt was always the same! Further debugging led me to 
the definition of the fqdn_rand function, and the culprit seems to be this 
line:

srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex)

which sets the seed used for the rand function.

After all this stuff, what should I do? Is it a bug in fqdn_rand? Because 
after using it, rand loses its randomness. Or, is it my fault for not 
setting the seed in my custom function? If so, how and where should I set 
the seed so it works as before using fqdn_rand?

Thanks in advance for your answers. Greetings.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/FjokplF1IuoJ.
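
Added example, not part of the original post or of Puppet's code: it reproduces the seeding line quoted above and shows that a salt drawn from Kernel#rand repeats on every run once the global PRNG has been reseeded from the FQDN, while a salt drawn from SecureRandom does not depend on srand. The function names, the FQDN and the argument list are constructed for illustration.

```ruby
require 'digest/md5'
require 'securerandom'

SALT_CHARS = [('a'..'z'), ('A'..'Z'), ('0'..'9')].map(&:to_a).flatten

# The seeding line quoted in the post: the process-wide PRNG is reseeded
# from the node's FQDN and the function arguments (args is constructed here).
def reseed_like_fqdn_rand(fqdn, args)
  srand(Digest::MD5.hexdigest([fqdn, args].join(':')).hex)
end

# Salt built the way the post's shadow_pwd does: 9 characters from Kernel#rand.
def salt_from_global_rand
  (0..8).map { SALT_CHARS[rand(SALT_CHARS.length)] }.join
end

# Same alphabet and length, but drawn from the OS CSPRNG, which srand
# cannot influence.
def salt_from_csprng
  (0..8).map { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.length)] }.join
end

# Simulate one catalog compilation for a node: the seeded draw happens
# first, then the salt is generated both ways.
def compile_run(fqdn)
  reseed_like_fqdn_rand(fqdn, [30])
  rand(30) # the seeded draw that yields the cron minute
  { :global => salt_from_global_rand, :csprng => salt_from_csprng }
end

if __FILE__ == $0
  2.times do |i|
    puts "run #{i + 1}: #{compile_run('node1.example.test').inspect}"
  end
end
```

With a salt that changes on every compilation the user resource is rewritten on every agent run, as the post describes for the setup before fqdn_rand was introduced.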