Puppet users - Jan 2013 - Broken pipe on generate function

Hi,

I''m trying to generate passwords for user accounts using the generate
function and calling a local script on the server, but that fails with
an error about Broken pipe :

notice:
/Stage[main]/Accounts::Virtual/Accounts::Add_user[xesc]/Notify[DM1HjM9a-VIx/usr/bin/tr:
write error: Broken pipe
/usr/bin/tr: write error
/bin/cat: write error: Broken pipe
]/message: defined ''message'' as
''DM1HjM9a-VIx/usr/bin/tr: write error:
Broken pipe
/usr/bin/tr: write error
/bin/cat: write error: Broken pipe
''
notice: dAfux7Bb3YRz/usr/bin/tr: write error: Broken pipe
/usr/bin/tr: write error
/bin/cat: write error: Broken pipe

Code I''m using is:

  # generate random password and send to user if necessary
  if $generate_password {
    $password = generate("/opt/ict/bash/generate_password.sh",
''12'')
    $encrypted_password generate("/opt/ict/bash/encrypt_password.sh",
"$password")

    notify { $password: }

    exec { "setpass $username":
      path         => "/sbin:/usr/sbin:/bin/:/usr/bin",
      command      => "usermod -p
''$encrypted_password'' $username",
      refreshonly  => true,
      subscribe    => User[$username],
      unless       => "cat /etc/shadow | grep $username| cut -f 2 -d :
| grep -v ''!''",
    }

script /opt/ict/bash/generate_password.sh
PWDLEN=12
/bin/cat /dev/urandom |/usr/bin/tr -dc _A-Z-a-z-0-9 | /usr/bin/head
-c${1:-$PWDLEN};

Any idea how the generate function works internally in Puppet? Can I
use pipes in the scripts?

Thanks!

Kind regards,
Xesc

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

Is there a way to do something like :

$computers_dbm="''computer1'',''computer2''"

$computers_worklflow="''computer4'',''computer3''"
  
node $computers_dbm {
  include dbm_installation
}

node $computers_worklflow {
  include dbm_worklflow
}

The point is not the include, but the fact to use a variable to define a nodes
list.
I tried several solution but I did not find a good one.

Thanks in advance for any helps.

Cordialement,

Bernard Granier
CE Plateforme Système
bernard.granier@morpho.com
01 58 11 32 51


-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On
Behalf Of Xesc Arbona
Sent: Wednesday, January 16, 2013 6:11 PM
To: puppet-users@googlegroups.com
Subject: [Puppet Users] Broken pipe on generate function

Hi,

I''m trying to generate passwords for user accounts using the generate
function and calling a local script on the server, but that fails with an error
about Broken pipe :

notice:
/Stage[main]/Accounts::Virtual/Accounts::Add_user[xesc]/Notify[DM1HjM9a-VIx/usr/bin/tr:
write error: Broken pipe
/usr/bin/tr: write error
/bin/cat: write error: Broken pipe
]/message: defined ''message'' as
''DM1HjM9a-VIx/usr/bin/tr: write error:
Broken pipe
/usr/bin/tr: write error
/bin/cat: write error: Broken pipe
''
notice: dAfux7Bb3YRz/usr/bin/tr: write error: Broken pipe
/usr/bin/tr: write error
/bin/cat: write error: Broken pipe

Code I''m using is:

  # generate random password and send to user if necessary
  if $generate_password {
    $password = generate("/opt/ict/bash/generate_password.sh",
''12'')
    $encrypted_password generate("/opt/ict/bash/encrypt_password.sh",
"$password")

    notify { $password: }

    exec { "setpass $username":
      path         => "/sbin:/usr/sbin:/bin/:/usr/bin",
      command      => "usermod -p
''$encrypted_password'' $username",
      refreshonly  => true,
      subscribe    => User[$username],
      unless       => "cat /etc/shadow | grep $username| cut -f 2 -d :
| grep -v ''!''",
    }

script /opt/ict/bash/generate_password.sh
PWDLEN=12
/bin/cat /dev/urandom |/usr/bin/tr -dc _A-Z-a-z-0-9 | /usr/bin/head
-c${1:-$PWDLEN};

Any idea how the generate function works internally in Puppet? Can I use pipes
in the scripts?

Thanks!

Kind regards,
Xesc

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

#
" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are notified
that any dissemination, copying of this e-mail and any attachments thereto or
use of their contents by any means whatsoever is strictly prohibited. If you
have received this e-mail in error, please advise the sender immediately and
delete this e-mail and all attached documents from your computer system."
#

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wednesday, January 16, 2013 11:10:33 AM UTC-6, Xesc Arbona
wrote:
>
> Hi, 
>
> I''m trying to generate passwords for user accounts using the
generate
> function and calling a local script on the server, but that fails with 
> an error about Broken pipe : 
>
> notice: 
>
/Stage[main]/Accounts::Virtual/Accounts::Add_user[xesc]/Notify[DM1HjM9a-VIx/usr/bin/tr:
>
> write error: Broken pipe 
> /usr/bin/tr: write error 
> /bin/cat: write error: Broken pipe 
> ]/message: defined ''message'' as
''DM1HjM9a-VIx/usr/bin/tr: write error:
> Broken pipe 
> /usr/bin/tr: write error 
> /bin/cat: write error: Broken pipe 
> '' 
> notice: dAfux7Bb3YRz/usr/bin/tr: write error: Broken pipe 
> /usr/bin/tr: write error 
> /bin/cat: write error: Broken pipe 
>

You are mistaken: Puppet itself is not failing.  Rather, it is outputting a 
message, as instructed by your manifest, with the message content appearing 
to be a sequence of error messages.

 
>
> Code I''m using is: 
>
>   # generate random password and send to user if necessary 
>   if $generate_password { 
>     $password = generate("/opt/ict/bash/generate_password.sh",
''12'')
>     $encrypted_password = 
> generate("/opt/ict/bash/encrypt_password.sh",
"$password")
>
>     notify { $password: } 
>

Specifically, then, it is the script /opt/ict/bash/encrypt_password.sh that 
is producing that string of error messages.  It is returned by the 
generate() function and captured in variable $password.  It is then emitted 
into the agent''s output by the ''notify'' resource.

Puppet appears to be operating exactly as intended, but you really should 
look at that script.

 
>
>     exec { "setpass $username": 
>       path         => "/sbin:/usr/sbin:/bin/:/usr/bin", 
>       command      => "usermod -p
''$encrypted_password'' $username",
>       refreshonly  => true, 
>       subscribe    => User[$username], 
>       unless       => "cat /etc/shadow | grep $username| cut -f 2
-d :
> | grep -v ''!''", 
>     } 
>
> script /opt/ict/bash/generate_password.sh 
> PWDLEN=12 
> /bin/cat /dev/urandom |/usr/bin/tr -dc _A-Z-a-z-0-9 | /usr/bin/head 
> -c${1:-$PWDLEN}; 
>
> Any idea how the generate function works internally in Puppet? Can I 
> use pipes in the scripts? 
>
>
Here are the docs: 
http://docs.puppetlabs.com/references/3.0.latest/function.html#generate.

I don''t really know what you want to know about how the function
"works
internally", but in a general sense, the only thing it *can* do is launch 
the external command in a child process.  Because Puppet captures the 
command''s output, it must leave open the command''s standard
output,
standard error, or perhaps both, but it probably closes the command''s 
standard input.  It is unclear what the command will have for environment 
variables; it might inherit the master''s complete environment, but it
is
unsafe to assume *anything* about the environment in the absence of 
documentation on that point.

If the command is an executable script beginning with an appropriate 
shebang line (e.g. #!/bin/bash) then the system will launch the specified 
processor to execute it.  The capabilities and features supported by the 
script are entirely a question of the script processor used.  If it is 
bash, tcsh, or any other shell from those families then, yes, the script 
may use pipes internally.  The command itself must not be a pipeline, 
however, nor may it or its arguments rely on parameter expansion or any 
other shell feature.

The "broken pipe" messages probably mean that your script tries to
execute
a pipeline where the command on the receiving end cannot be started or 
terminates prematurely.  My best guess would be that the script''s 
expectations about its environment are not fulfilled.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/5qIAkIOcbnUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wednesday, January 16, 2013 11:59:18 AM UTC-6, bernard...@morpho.com 
wrote:
>
> Hi, 
>
> Is there a way to do something like : 
>
>
$computers_dbm="''computer1'',''computer2''"
>
>
$computers_worklflow="''computer4'',''computer3''"
>   
> node $computers_dbm { 
>   include dbm_installation 
> } 
>
> node $computers_worklflow { 
>   include dbm_worklflow 
> } 
>
> The point is not the include, but the fact to use a variable to define a 
> nodes list. 
> I tried several solution but I did not find a good one. 
>
>
Please do not hijack threads.

Here is the documentation on node definitions: 
http://docs.puppetlabs.com/puppet/3/reference/lang_node_definitions.html.  
If you want further discussion or advice then please start your own thread 
for it.

John 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/88qn6IlHvMAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.