Kafo and random passwords

I’d like to use kafo for an installer based on puppet modules, works fine. But I do not understand how kafo handles random passwords e.g. database passwords.

In my puppet manifest I use extlib::cache and random to generate random passwords and it works correct. I took a look at the foreman-installer but that didn’t help.


We solve it at the Puppet layer using the extlib module you already found. That also has a random_password function:

I did on the same way but get the following string int the installer:

extlib::cache_data(‘my_cache_data’, ‘db_pass’, extlib::random_password(32))

Hm, all my parameter defaults are recognized as strings also arrays and hashes.

Main Config Menu

  1. [✓] Configure icinga_ido
  2. [✓] Configure icinga_server
  3. Display current config
  4. Save and run
  5. Cancel run without Saving

Choose an option from the menu… 3

db_pass: extlib::cache_data(‘icinga_cache_data’, ‘db_pass’, extlib::random_password(32))
db_type: mysql
db_host: localhost
db_name: icinga2
db_user: icinga2
manage_database: false
enable_ha: false
ca: false
config_server: false
zone: main
- “

There is a limitation that kafo can’t really parse Puppet code. There’s some naive parsing:

However, puppet-strings gives a raw value. So a string shows up as "mystring". It has known limitations, like not being able to interpret [] as an array. It ends up being interpreted as "[]", so a string that contains []. This leads to Bug #31565: Validation of array's as static parameters on a class is incorrectly handled - Kafo - Foreman but there’s more ways this can manifest itself. Another is $facts['myfact'] which is also not properly understood.

We’ve always worked around this by creating params.pp and inheriting. Perhaps not so pretty, but patches welcome.

Ok, thx but that isn’t my main problem. This can I fix in answer files.

Now I tried to set

$db_pass = extlib::cache_data(‘icinga_cache_data’, ‘db_pass’, extlib::random_password(32))

in the old sytle params.pp ans inherits params but now the db_pass is shown as empty in the installer.

Do you have the code available somewhere by any chance?


Code wise that looks like it should work. Do you also have the code to the actual installer? I also wonder if there’s something weird in your answers file.

Ok, the params class is applied only if the main class (init.pp) is used in the answers file.

Found my mistake, now I use mapping and all works fine. Thx for your time.