On Wednesday, January 16, 2013 11:10:33 AM UTC-6, Xesc Arbona wrote:
>
> Hi,
>
> I'm trying to generate passwords for user accounts using the generate
> function and calling a local script on the server, but that fails with
> an error about Broken pipe :
>
> notice:
> /Stage[main]/Accounts::Virtual/Accounts::Add_user[xesc]/Notify[DM1HjM9a-VIx/usr/bin/tr:
>
>
> write error: Broken pipe
> /usr/bin/tr: write error
> /bin/cat: write error: Broken pipe
> ]/message: defined 'message' as 'DM1HjM9a-VIx/usr/bin/tr: write error:
> Broken pipe
> /usr/bin/tr: write error
> /bin/cat: write error: Broken pipe
> '
> notice: dAfux7Bb3YRz/usr/bin/tr: write error: Broken pipe
> /usr/bin/tr: write error
> /bin/cat: write error: Broken pipe
>
You are mistaken: Puppet itself is not failing. Rather, it is outputting a
message, as instructed by your manifest, with the message content appearing
to be a sequence of error messages.
>
> Code I'm using is:
>
> # generate random password and send to user if necessary
> if $generate_password {
> $password = generate("/opt/ict/bash/generate_password.sh", '12')
> $encrypted_password =
> generate("/opt/ict/bash/encrypt_password.sh", "$password")
>
> notify { $password: }
>
Specifically, then, it is the script /opt/ict/bash/encrypt_password.sh that
is producing that string of error messages. It is returned by the
generate() function and captured in variable $password. It is then emitted
into the agent's output by the 'notify' resource.
Puppet appears to be operating exactly as intended, but you really should
look at that script.
>
> exec { "setpass $username":
> path => "/sbin:/usr/sbin:/bin/:/usr/bin",
> command => "usermod -p '$encrypted_password' $username",
> refreshonly => true,
> subscribe => User[$username],
> unless => "cat /etc/shadow | grep $username| cut -f 2 -d :
> | grep -v '!'",
> }
>
> script /opt/ict/bash/generate_password.sh
> PWDLEN=12
> /bin/cat /dev/urandom |/usr/bin/tr -dc _A-Z-a-z-0-9 | /usr/bin/head
> -c${1:-$PWDLEN};
>
> Any idea how the generate function works internally in Puppet? Can I
> use pipes in the scripts?
>
>
Here are the docs:
http://docs.puppetlabs.com/references/3.0.latest/function.html#generate.
I don't really know what you want to know about how the function "works
internally", but in a general sense, the only thing it *can* do is launch
the external command in a child process. Because Puppet captures the
command's output, it must leave open the command's standard output,
standard error, or perhaps both, but it probably closes the command's
standard input. It is unclear what the command will have for environment
variables; it might inherit the master's complete environment, but it is
unsafe to assume *anything* about the environment in the absence of
documentation on that point.
If the command is an executable script beginning with an appropriate
shebang line (e.g. #!/bin/bash) then the system will launch the specified
processor to execute it. The capabilities and features supported by the
script are entirely a question of the script processor used. If it is
bash, tcsh, or any other shell from those families then, yes, the script
may use pipes internally. The command itself must not be a pipeline,
however, nor may it or its arguments rely on parameter expansion or any
other shell feature.
The "broken pipe" messages probably mean that your script tries to execute
a pipeline where the command on the receiving end cannot be started or
terminates prematurely. My best guess would be that the script's
expectations about its environment are not fulfilled.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/5qIAkIOcbnUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
