Use a python shim for running for auth_ed25519 helper

When mysql ed25519 authentication is enabled, puppet-tripleo uses a python helper to generate password hashes. Python helpers have their +x permission stripped on install time, so run the helper via the right python interpreter instead. Change-Id: I13b02af166d7767799be99a0fb52066b00637a01 Related-Bug: #1866093
2020-04-14 15:48:08 +02:00 · 2020-04-14 15:48:08 +02:00 · 1479a0ea32
parent ff22e7c268
commit 1479a0ea32
1 changed files with 3 additions and 1 deletions
--- a/lib/puppet/functions/mysql_ed25519_password.rb
+++ b/lib/puppet/functions/mysql_ed25519_password.rb
@ -12,7 +12,9 @@ Puppet::Functions.create_function(:'mysql_ed25519_password') do
    # out of the sha512(password). Unfortunately, there is no native
    # ruby implementation of ed25519's unclamped scalar multiplication
    # just yet, so rely on an binary to get the hash for now.
-    hashed = `/etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}`
+    python = `(which python3 || which python2 || which python) 2>/dev/null`
+    raise Puppet::Error, 'python interpreter not found in path' unless $?.success?
+    hashed = `#{python.rstrip()} /etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}`
    raise Puppet::Error, 'generated hash is not 43 bytes long.' unless hashed.length == 43
    return hashed
  end