密码因 Puppet 中的特殊字符而失败

问题描述 投票:0回答:1

开放问题,有没有人遇到过使用木偶中的特殊字符登录密码失败的问题

例如:密码 postgres 用户 - ]htXXXXUyzJ5]yj!C 它不接受


12:58
~# pp
Info: Using environment 'nre_restore_script'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from xxx:8141 (xxx5)
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, Lookup of key 'lookup_options' failed: Unable to parse (/etc/puppetlabs/code/hieradata/hieradata-nodes-configuration/Linux/ops4ops/onezabbix/claranet/databases/rmp/preproduction/params.yaml): expected the node content, but found ']' while parsing a block node at line 74 column 23 (file: /etc/puppetlabs/code/environments/nre_restore_script/modules/stdlib/manifests/init.pp, line: 11, column: 3) on node XXXXX
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

这里我添加了 param.yaml 文件中第 74 行的内容:

enter image description here

puppet
1个回答
0
投票

问题在于第一个字符、

[
和“]”用于数组。
使用不同的第一个字符,它应该可以工作。 这不是
puppet
的问题,这些是
json
的限制/要求。

当密码中包含特殊字符时,我在不同的工具中遇到登录失败的情况。在所有这些情况下,我如何处理带有特殊字符的字符串是一个问题。

示例:
首先,我创建需要密码 

pwcheck.sh
的脚本 
My * [secret]
(不是以 
[
]
开头,这是一个简单的情况):

read -p "Password: " password
if [[ $password == 'My * [secret]' ]]; then
  echo "Correct"
else
  echo "Wrong"
fi

使用带引号和不带引号的 

echo

$ echo 'My * [secret]' | ./pwcheck.sh
Correct
$ echo My * [secret] | ./pwcheck.sh
Wrong

使用来源的 ini 文件

$ echo 'pw="My * [secret]"' > pw.ini; source pw.ini; echo "$pw" | ./pwcheck.sh
Correct
$ unset pw
$ echo 'pw=My * [secret]' > pw.ini; source pw.ini; echo "$pw" | ./pwcheck.sh
$(echo 444): command not found
Wrong

当你有 yaml 文件时,不同的工具会按预期读取数据:

$ printf '%s\n' 'Demo:' '  password: My * [secret]' > pw.yaml
$ cat pw.yaml
Demo:
  password: My * [secret]
$ perl -MYAML -le 'print YAML::LoadFile(shift)->{Demo}{password}' pw.yaml | ./pwcheck.sh
Correct
$ ruby -r yaml -e 'puts YAML.load_file(ARGV[0])["Demo"]["password"]' pw.yaml | ./pwcheck.sh
Correct
$ yq -r .Demo.password pw.yaml | ./pwcheck.sh
Correct

还有木偶文件 pw.pp:

$myhash = parseyaml(file('/full/path/to/pw.yaml'))
$pw=$myhash['Demo']['password']
notice("pw=[$pw]")

我需要 

sed
从输出中删除颜色代码:

$ sudo puppet apply --modulepath /etc/puppet/code/modules pw.pp 2>/dev/null |
    sed -En 's/.*pw=\[(.*)\].*/\1/p' | ./pwcheck.sh
Correct

当我们对不同的 

yaml
文件使用相同的工具时,以“[”开头,就会出错:

$ cat pw.yaml
Demo:
  password: [My * [secret]]

$ perl -MYAML -le 'print YAML::LoadFile(shift)->{Demo}{password}' pw.yaml
YAML Error: Can't parse inline sequence
   Code: YAML_PARSE_ERR_INLINE_SEQUENCE
   Line: 2
   Document: 1
 at /home/walter/perl5/lib/perl5/YAML/Loader.pm line 551.

$ ruby -r yaml -e 'puts YAML.load_file(ARGV[0])["Demo"]["password"]' pw.yaml
Traceback (most recent call last):
        7: from -e:1:in `<main>'
        6: from /usr/lib/ruby/2.5.0/psych.rb:497:in `load_file'
        5: from /usr/lib/ruby/2.5.0/psych.rb:497:in `open'
        4: from /usr/lib/ruby/2.5.0/psych.rb:498:in `block in load_file'
        3: from /usr/lib/ruby/2.5.0/psych.rb:263:in `load'
        2: from /usr/lib/ruby/2.5.0/psych.rb:350:in `parse'
        1: from /usr/lib/ruby/2.5.0/psych.rb:402:in `parse_stream'
/usr/lib/ruby/2.5.0/psych.rb:402:in `parse': (pw.yaml): did not find expected ',' or ']' while parsing a flow sequence at line 2 column 13 (Psych::SyntaxError)

$ yq -r .Demo.password pw.yaml
Error: bad file 'pw.yaml': yaml: line 1: did not find expected ',' or ']'

$ sudo puppet apply --modulepath /etc/puppet/code/modules pw.pp
Error: Evaluation Error: Error while evaluating a Function Call, (<unknown>): did not find expected ',' or ']' while parsing a flow sequence at line 2 column 13 (file: .../pw.pp, line: 1, column: 11) on node ****

生成包含引号的 yaml 是最好的方法。

解决方法:

sed -Ei 's/(superuser_password: )(.*)/\1"\2"/' params.pp

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.