On Friday, August 2, 2013 12:07:24 PM UTC-5, Jacob McCoy Wade wrote:
>
>
>
> On Friday, August 2, 2013 6:43:01 AM UTC-7, jcbollinger wrote:
>>
>>
>>
>> On Thursday, August 1, 2013 2:37:03 PM UTC-5, Jacob McCoy Wade wrote:
>>>
>>> The closest I've come is to use:
>>>
>>>> $random_1 = generate('/bin/sh', '-c', '\"/bin/cat /dev/urandom | /usr
>>>> /bin/tr -dc \'a-z0-9\' | /usr/bin/fold -w 8 | /usr/bin/head -n 1 | /usr
>>>> /bin/tr -d \'\n\'\"')
>>>
>>>
>>> This however ends up populating the variable with the following and
>>> appears to ignore the the "/usr/bin/tr -d '\n'" as there are line breaks
>>> inserted:
>>>
>>>> /bin/sh: "/bin/cat: No such file or directory
>>>>
>>>
>>>
>> So, that's the wrong thing to do, because 'cat' will keep reading its
>> input until it reaches the end, which it never will in this case. It may
>> be that having 'head' in the pipeline would rescue it by closing its own
>> input, but you might end up with a bunch of stalled, orphaned processes.
>> You should instead use /bin/dd or some other command that allows you to
>> limit the amount of data read from /dev/urandom.
>>
>> I was using head to close the input. The other thing I can't quite make
> sense of is why it works when I apply the module directly on the node, but
> not when using a puppet master.
>
Like all Puppet functions, generate() runs on machine where the catalog is
compiled, not on the one where it is applied, unless they are the same. It
appears that the master you are using does not have (a Puppet-accessible)
/dev/urandom, whereas the target node has one that is accessible to the
user as whom you are running 'puppet apply'.
>
>
>> There is also a third, more fundamental problem: it is unlikely that you
>> really want to do what you are trying to do. If you generate a completely
>> random component to a config file on every run, then that file will never
>> match from one run to the next, so it will always be re-synced. That is
>> rarely the intent. More often, you want different, random strings for each
>> node, but you want those strings to be stable from run to run for any given
>> node. One way to achieve that might be to construct strings as the
>> concatenation of a constant stem and a random number generated via Puppet's
>> built-in fqdn_rand() function.
>>
>> I was thinking that I could use "replace => 'no'," within the module so
> that puppet won't re-sync the file every run.
>
You could, though by doing so you give up the ability to have Puppet keep
the file synced to your spec. Replace => 'no' is most appropriately
applied to files that are expected to be modified in the course of their
normal use, however, to prevent Puppet from clobbering the modifications.
Inasmuch the only reason for using it here seems to be to facilitate using
/dev/urandom as the source of randomness, and as using /dev/urandom for
this purpose appears inferior in most ways to using Puppet's and/or Ruby's
built-in sources of randomness, I really don't see the point.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
