----- Original Message -----
> From: "Felipe Ortega" <orteg...@gmail.com>
> To: puppet-users@googlegroups.com
> Sent: Wednesday, August 1, 2012 5:28:23 AM
> Subject: [Puppet Users] rand losing its randomness after using fqdn_rand
>
> Hi,
>
> I'm a newbie puppet user, and I'm facing some weird behaviour in my
> testing environment.
> I'm using Debian packages from testing/Wheezy (version 2.7.18) via
> apache+passenger installation. Also:
>
> $ ruby -v
> ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux]
>
> I developed the following custom function (with some help from
> Google) to generate the shadow password of any new user:
>
> module Puppet::Parser::Functions
>   newfunction(:shadow_pwd, :type => :rvalue) do |args|
>     passwd = args[0]
>     # Map the algorithm name to its crypt(3) prefix
>     case args[1]
>     when 'md5'
>       algo = '$1$'
>     when 'blowfish'
>       algo = '$2$'
>     when 'sha256'
>       algo = '$5$'
>     when 'sha512'
>       algo = '$6$'
>     end
>     # Build the salt from the global PRNG (Kernel#rand)
>     o = [('a'..'z'),('A'..'Z'),('0'..'9')].map{|i| i.to_a}.flatten
>     salt = (0..8).map{ o[rand(o.length)] }.join
>     hash = passwd.crypt(algo + salt)
>   end
> end
>
> It takes two arguments, the cleartext password and the algorithm to
> encrypt it.
>
> So, with this setup, on every run of the puppet agent, a new shadow
> password was assigned to the user. Well, in fact it was always the
> same cleartext password, but as the salt was different on every run,
> the shadow password of the user was different too, and puppet
> updated the user password accordingly.
>
> Here comes a new class, puppet, to manage the agent configuration on
> every node. I chose to run puppet agent via cron task, and in order
> to prevent every agent from trying to get the catalog at the same time, I
> use the following code snippet (picked up online):
>
> $first = fqdn_rand(30)
> $second = $first + 30
> cron {'puppet':
>   command => '/usr/bin/puppet agent --no-daemon --onetime',
>   user    => 'root',
>   minute  => [$first,$second],
>   ensure  => present,
>   require => Class['puppet::install'],
> }
>
> This works OK too, it creates a new task in the crontab file of user
> root, executing the command twice an hour, always on the same two
> minutes.
>
> But then I realized the shadow passwords of the users were not being
> updated anymore (only when I change the cleartext password). After
> some debugging, I found out that the salt was always the same!
> Further debugging led me to the definition of the fqdn_rand
> function, and the culprit seems to be this line:
>
> srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex)
>
> which sets the seed used for the rand function.
>
> After all this stuff, what should I do? Is it a bug in fqdn_rand?
> Because after using it, rand loses its randomness. Or, is it my
> fault for not setting the seed in my custom function? If so, how and
> where should I set the seed so it works as before using fqdn_rand?

I'd say this is a bug in fqdn_rand, but if you wish to work around it in your function you can also just call srand() when your function gets called.

Would be great if you could file a bug about fqdn_rand.
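
The behaviour discussed in this thread, as an added example that is not code from either poster or from Puppet: reseeding the global PRNG with a host-derived value makes every later `rand`-based salt repeat, while a CSPRNG salt and a private `Random` instance avoid the coupling. It assumes a Ruby with the `Random` class (1.9 or later); the function names and the host name `node1.example.com` are hypothetical.

```ruby
require 'digest/md5'
require 'securerandom'

ALPHABET = [('a'..'z'), ('A'..'Z'), ('0'..'9')].flat_map(&:to_a)

# Same seeding expression as the fqdn_rand line quoted in the thread:
# it reseeds the process-wide PRNG, so every later Kernel#rand call in the
# same process replays a sequence fixed by the host name.
def fqdn_rand_global(fqdn, max)
  srand(Digest::MD5.hexdigest([fqdn, max].join(':')).hex)
  rand(max)
end

# Salt built the way the custom function does it, from the global PRNG.
def salt_from_global_rand(len = 9)
  (0...len).map { ALPHABET[rand(ALPHABET.length)] }.join
end

# Salt from the OS CSPRNG; srand has no effect on SecureRandom.
def salt_from_csprng(len = 9)
  (0...len).map { ALPHABET[SecureRandom.random_number(ALPHABET.length)] }.join
end

# Host-stable value from a private generator; global PRNG state is untouched.
def fqdn_rand_isolated(fqdn, max)
  seed = Digest::MD5.hexdigest([fqdn, max].join(':')).hex
  Random.new(seed).rand(max)
end

# Simulates two catalog compilations for one node (constructed host name).
def two_runs(fqdn = 'node1.example.com')
  (1..2).map do
    minute = fqdn_rand_global(fqdn, 30)
    { minute: minute, weak: salt_from_global_rand, strong: salt_from_csprng }
  end
end

if __FILE__ == $PROGRAM_NAME
  first, second = two_runs
  puts "cron minute:  #{first[:minute]} / #{second[:minute]}"
  puts "rand salt:    #{first[:weak]} / #{second[:weak]}"
  puts "csprng salt:  #{first[:strong]} / #{second[:strong]}"
end
```

Calling `srand()` with no argument before building the salt, as the reply suggests, also gives `rand` a fresh seed again; drawing the salt from `SecureRandom` removes the dependency on global PRNG state altogether.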