Ask Your Question
1

How do I store the result of running an executable in a puppet variable?

asked 2015-02-24 17:27:32 -0500

bnordgren gravatar image

updated 2015-02-25 14:23:13 -0500

I'm using puppet to manage an IPython notebook deployment. I need to execute some python code to generate a salt+hash from a plaintext password, which is a puppet variable. I want to then store this salt+hash in a different variable so that it is available for use within a template.

How do I assign "stdout" from the exec {} to a puppet variable?

EDIT: The answers exposed an unstated assumption in my original question: I want to run code outside of puppet on a node under puppet control, and then assign stdout to a puppet variable for use in the remainder of the puppet run. The rationale being I need puppet to make sure that the code I need to run is present on the machine running it.

edit retag flag offensive close merge delete

Comments

Ah, I didn't parse the "exec {}" part correctly, and of course, functions only run on the master, not the client.

GregLarkin gravatar imageGregLarkin ( 2015-02-25 15:17:52 -0500 )edit
add a comment

3 Answers

Sort by ยป oldest newest most voted
1

answered 2015-03-09 13:10:16 -0500

bnordgren gravatar image

To summarize the answers to date, it is not possible to do what I'm asking. Specifically, taking information in a puppet variable (the plaintext password), running it through an algorithm on a node under puppet control, and storing the result in a variable for use in the remainder of the puppet manifest. The reasons for this have to do with the location and order in which code is executed:

  1. Variables are evaluated before resources are applied. (e.g., variables are strictly inputs to resources)
  2. Custom puppet facts run on the node under puppet control and are accessible to the resources declared in the puppet manifest, but cannot be parametrized by information in the puppet manifest (e.g., puppet facts are strictly inputs to manifests).
  3. Functions may store values in variables, and may be parametrized by information in the puppet manifest, but they run on the puppet master, on which there can be no guarantee that the algorithm is installed.

One workaround (which I am now using) is just to manually run the hashing algorithm offline and store it in the puppet manifest. Another is to rewrite the hash+salt algorithm in ruby, and with every new release of the software make sure that the algorithm has not changed.

Succinctly, however, it is not possible to manipulate information using external code under puppet control, if the results of that manipulation are needed by the puppet master.

edit flag offensive delete link more
add a comment
1

answered 2015-02-25 09:51:01 -0500

GregLarkin gravatar image

updated 2015-02-25 15:25:38 -0500

You can do what you want with the Puppet generate function, and this looks like a good example of something similar:

http://razius.com/articles/generating-password-hashes-for-puppet/

UPDATE:

If you want to run code on the agent and store the output in a variable for the rest of your Puppet manifests to use, look into creating a Puppet custom fact.

Once the fact source code has been delivered to the agent node by the master, the agent will execute the code and create a fact that you have named, such as $::hashed_password. You can then use the value of that fact elsewhere in your Puppet code, just like any other standard fact, such as $::fqdn.

edit flag offensive delete link more
add a comment
0

answered 2015-02-25 09:14:29 -0500

cpitman gravatar image

Doing it that way is not possible, since variables are evaluated before any resources are applied.

Instead, you need to create a custom puppet function which can either implement the hashing logic you need or call out to your python process. Nite that if you execute a python script, python and the script need to be installed on the puppet master instead of on the node.

edit flag offensive delete link more

Comments

I understand how to ensure that the needed scripts are installed on the node, but I don't know how to make sure that the puppetmaster is configured correctly. (Using puppet, I mean. Of course I can `yum install` the needed package.

bnordgren gravatar imagebnordgren ( 2015-02-25 12:26:20 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-02-24 17:27:32 -0500

Seen: 8,765 times

Last updated: Mar 09 '15

Related questions

exec to uninstall windows service?

run Exec only if another Exec ran

foreach loop Hiera Array

Running sql scripts in puppet

exec "git clone" fails.

Execute puppi::netinstall but ONLY if symlink/directory exists

Make exec Wait For Previous Exec To Complete

Does the exec resource type only use its path=> attribute with the command=> attribute, or can the exec resource type also use its path=> attribute for the onlyif=> part?

Requires for exec not working

Exec with onlyif and bash if statement