----- Original Message -----
> From: "Felipe Ortega" <orteg...@gmail.com>
> To: puppet-users@googlegroups.com
> Sent: Wednesday, August 1, 2012 5:28:23 AM
> Subject: [Puppet Users] rand losing its randomness after using fqdn_rand
> 
> 
> Hi,
> 
> 
> I'm a newbie puppet user, and I'm facing some weird behaviour in my
> testing environment.
> I'm using Debian packages from testing/Wheezy (version 2.7.18) via
> apache+passenger installation. Also:
> 
> 
> $ ruby -v
> ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux]
> 
> 
> I developed the following custom function (with some help from
> Google) to generate the shadow password of any new user:
> 
> 
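> module Puppet::Parser::Functions
>   # shadow_pwd(cleartext, algorithm): returns a crypt(3) hash for the shadow file
>   newfunction(:shadow_pwd, :type => :rvalue) do |args|
>     passwd = args[0]
>     # Map the algorithm name to its crypt(3) identifier prefix
>     case args[1]
>     when 'md5'
>       algo = '$1$'
>     when 'blowfish'
>       algo = '$2$'
>     when 'sha256'
>       algo = '$5$'
>     when 'sha512'
>       algo = '$6$'
>     else
>       # Without this branch algo stays nil and the concatenation below fails
>       raise Puppet::ParseError, "shadow_pwd: unknown algorithm #{args[1].inspect}"
>     end
>     # Salt: 9 alphanumeric characters drawn with the global Kernel#rand
>     o = [('a'..'z'),('A'..'Z'),('0'..'9')].map{|i| i.to_a}.flatten
>     salt = (0..8).map{ o[rand(o.length)] }.join
>     # The last expression is the value returned to the manifest
>     hash = passwd.crypt(algo + salt)
>   end
> end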
> 
> 
> it takes two arguments, the cleartext password and the algorithm to
> encrypt it.
> 
> 
> So, with this setup, on every run of the puppet agent, a new shadow
> password was assigned to the user. Well, in fact it was always the
> same cleartext password, but as the salt was different on every run,
> the shadow password of the user was different too, and puppet
> updated the user password accordingly.
> 
> 
> Here comes a new class, puppet, to manage the agent configuration on
> every node. I chose to run puppet agent via cron task, and in order
> to prevent every agent from trying to get the catalog at the same time, I
> use the following code snippet (picked up online):
> 
> 
> $first = fqdn_rand(30)
> $second = $first + 30
> cron {'puppet':
>   command => '/usr/bin/puppet agent --no-daemon --onetime',
>   user    => 'root',
>   minute  => [$first,$second],
>   ensure  => present,
>   require => Class['puppet::install'],
> }
> 
> 
> This works OK too, it creates a new task in the crontab file of user
> root, executing the command twice an hour, always on the same two
> minutes.
> 
> 
> But then I realized the shadow passwords of the users were not being
> updated anymore (only when I change the cleartext password). After
> some debugging, I found out that the salt was always the same!
> Further debugging led me to the definition of the fqdn_rand
> function, and the culprit seems to be this line:
> 
> 
> srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex)
> 
> 
> which sets the seed used for the rand function.
> 
> 
> After all this stuff, what should I do? Is it a bug in fqdn_rand?
> Because after using it, rand loses its randomness. Or, is it my
> fault for not setting the seed in my custom function? If so, how and
> where should I set the seed so it works as before using fqdn_rand?

I'd say this is a bug in fqdn_rand, but if you wish to work around it
in your function you can also just call srand() when your function gets
called.

Would be great if you could file a bug about fqdn_rand.
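
The effect described in this thread, as an added example that is not part of the original messages and is not Puppet's code: `leaky_fqdn_rand` is a hypothetical stand-in that reuses the quoted `srand(...)` line, `isolated_fqdn_rand` keeps the per-host value in a private `Random` instance, and `secure_salt` draws the salt from `SecureRandom` so it no longer depends on the global seed. The helper names and the sample FQDN are assumptions made for the illustration, and `Random` requires Ruby 1.9 or later.

```ruby
require 'digest/md5'
require 'securerandom'

SALT_CHARS = [('a'..'z'), ('A'..'Z'), ('0'..'9')].map(&:to_a).flatten

# Hypothetical stand-in for fqdn_rand: uses the seeding line quoted in the
# thread, so it reseeds the process-wide PRNG as a side effect.
def leaky_fqdn_rand(fqdn, max, *args)
  srand(Digest::MD5.hexdigest([fqdn, args].join(':')).hex)
  rand(max)
end

# Same per-host value, but from a private generator: Kernel#rand is untouched.
def isolated_fqdn_rand(fqdn, max, *args)
  seed = Digest::MD5.hexdigest([fqdn, args].join(':')).hex
  Random.new(seed).rand(max)
end

# Salt built as in the quoted shadow_pwd function (global Kernel#rand).
def global_rand_salt
  (0..8).map { SALT_CHARS[rand(SALT_CHARS.length)] }.join
end

# Salt from the OS CSPRNG: unaffected by srand, not derivable from the FQDN.
def secure_salt
  (0..8).map { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.length)] }.join
end

# Run the value function, then draw a salt; repeat to compare two "agent runs".
def two_runs(value_fn, salt_fn, fqdn)
  2.times.map do
    srand                      # fresh seed, as in a newly started process
    send(value_fn, fqdn, 30)
    send(salt_fn)
  end
end

if __FILE__ == $0
  host = 'node1.example.com'   # constructed sample FQDN
  p two_runs(:leaky_fqdn_rand, :global_rand_salt, host)     # two identical salts
  p two_runs(:isolated_fqdn_rand, :global_rand_salt, host)  # two different salts
  p two_runs(:leaky_fqdn_rand, :secure_salt, host)          # two different salts
end
```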
