El miércoles, 1 de agosto de 2012 20:30:52 UTC+2, Calvin Walton escribió: > > On Wed, 2012-08-01 at 18:58 +0100, R.I.Pienaar wrote: > > From: "Eric Shamow" <e...@puppetlabs.com> > > > Not sure that this should be considered a bug in fqdn_rand - the idea > > > with fqdn_rand is that it should generate the same random number > > > each time it is run in order to maintain idempotency. > > > > The bug is that it does: > > > > * set salt to cause consistant random numbers > > * get random data > > > > I think it should do: > > > > * set salt to cause consistant random numbers > > * get random data > > * reset salt to produce random data > > > This will retain the behaviour of fqdn_rand and not break random for > everyone else > > I was going to say that an even *better* solution would be to do this: > > * Create a private Random object for use only by fqdn_rand > * Set the seed on the private Random object, without disturbing > the Kernel.rand implementation > * get random data from the private Random object > > ...but then I remembered that the Random class was introduced in Ruby > 1.9, so this won't work on older versions like 1.8.7, and I had > forgotten that fqdn_rand should always return the same number on the > same machine when it is called with the same arguments. > > The definition of 'srand' is actually kind of interesting: > srand(number=0) => old_seed > so the patch to fix this is actually quite trivial: > > diff --git a/lib/puppet/parser/functions/fqdn_rand.rb > b/lib/puppet/parser/functi > index 93ab98b..987815c 100644 > --- a/lib/puppet/parser/functions/fqdn_rand.rb > +++ b/lib/puppet/parser/functions/fqdn_rand.rb > @@ -7,6 +7,7 @@ Puppet::Parser::Functions::newfunction(:fqdn_rand, :type > => :rva > $random_number_seed = fqdn_rand(30,30)") do |args| > require 'digest/md5' > max = args.shift > - > srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex) > + old_seed = > srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex) > rand(max).to_s > + srand(old_seed) > end > > -- > Calvin Walton <calvin.wal...@kepstin.ca> > > Hi again,
I've tried the patch submitted by Calvin Walton, and it's almost working. There are two remaining issues: 1.- The patch needs some more lines, because it returns the "new old seed" value. So the new patch would be: diff --git a/puppet/parser/functions/fqdn_rand.rb.orig b/puppet/parser/functions/fqdn_rand.rb index 93ab98b..6482449 100644 --- a/puppet/parser/functions/fqdn_rand.rb.orig +++ b/puppet/parser/functions/fqdn_rand.rb @@ -7,6 +7,8 @@ Puppet::Parser::Functions::newfunction(:fqdn_rand, :type => :rvalue, :doc => $random_number_seed = fqdn_rand(30,30)") do |args| require 'digest/md5' max = args.shift - srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex) - rand(max).to_s + old_seed = srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex) + exit_value = rand(max).to_s + srand(old_seed) + exit_value end 2.- I need to restart apache on the master server (remember I was using Passenger) to get a different salt value of the shadow password. Without the patch, I always get the same salt value, no matter if I restart the apache server or not. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/nAuJ64JrsdAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.