Andrew Bogott has uploaded a new change for review.
https://gerrit.wikimedia.org/r/303617
Change subject: Create root passwords for labs instances and store passwords on
the puppetmaster
......................................................................
Create root passwords for labs instances and store passwords on the puppetmaster
Bug: T142216
Change-Id: Ia9eb2bdb5879fe074ecb9e175f57f3849ff52821
---
M modules/base/manifests/labs.pp
A modules/puppetmaster/files/make_labs_password.sh
M modules/puppetmaster/manifests/labs.pp
3 files changed, 41 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/17/303617/1
diff --git a/modules/base/manifests/labs.pp b/modules/base/manifests/labs.pp
index 74a82d0..5d931bc 100644
--- a/modules/base/manifests/labs.pp
+++ b/modules/base/manifests/labs.pp
@@ -49,4 +49,9 @@
user => 'root',
}
}
+
+ # Create a root password and store it on the puppetmaster
+ user { 'root':
+ password => generate('/usr/local/bin/make_labs_password.sh', $fqdn)
+ }
}
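Review bot: `$fqdn` in the added `generate()` call is a fact reported by the agent, and the script uses it as a file name under the password directory on the puppetmaster. An instance that reports another host's name would be handed that host's hash, and a value containing `/` would make the script touch a path outside the directory. Keying on the certificate name the master has verified, e.g. `$trusted['certname']` where trusted node data is enabled, avoids relying on client-supplied data. `generate()` also returns the command's output including the trailing newline, so the value probably needs trimming before it is used as `password`; this is worth checking, since a mismatch would make Puppet reset the password on every run. The enclosing class starts outside the hunk.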
diff --git a/modules/puppetmaster/files/make_labs_password.sh
b/modules/puppetmaster/files/make_labs_password.sh
new file mode 100644
index 0000000..0603e4b
--- /dev/null
+++ b/modules/puppetmaster/files/make_labs_password.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+alias errcho='>&2 echo'
+
+INSTANCE=$1
+DIRECTORY=/var/cache/instance-root-passwords
+
+if [ -z "$INSTANCE" ]; then
+ errcho "No instance name specified."
+ exit 1
+fi
+
+if [ ! -d "$DIRECTORY" ]; then
+ errcho "Directory for passwords not found."
+ exit 1
+fi
+
+if [ -f $DIRECTORY/$INSTANCE ]; then
+ PASSWORD=$(cat $DIRECTORY/$INSTANCE)
+else
+ PASSWORD=$(pwgen -sy -N 1)
+ umask 027
+ echo $PASSWORD > $DIRECTORY/$INSTANCE
+fi
+mkpasswd -m sha-512 $PASSWORD
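Review bot: `$INSTANCE` comes straight from the caller and is used unquoted as a path component on the `[ -f ... ]`, `cat` and redirect lines, so a name containing `/` or `..` resolves outside `$DIRECTORY`; the script should reject such names and quote every expansion. The generated password is also passed unquoted to `echo` and on the `mkpasswd` command line. Because `pwgen -y` emits symbols, a glob character, a leading `-` or a backslash (under a `/bin/sh` whose `echo` interprets escapes) can change what is stored or hashed, and the plaintext is visible in the process list while `mkpasswd` runs. Writing it with `printf` and feeding `mkpasswd` on stdin avoids both, and a failed `pwgen` should stop the script rather than store an empty password. `umask 027` leaves the plaintext group-readable; `077` is safer unless group access is intended.

```shell
# … unchanged: empty-argument and directory checks …
case "$INSTANCE" in
    */* | .*)
        errcho "Invalid instance name."
        exit 1
        ;;
esac
PASSFILE="$DIRECTORY/$INSTANCE"

if [ -f "$PASSFILE" ]; then
    PASSWORD=$(cat "$PASSFILE")
else
    umask 077
    PASSWORD=$(pwgen -sy -N 1) || exit 1
    printf '%s\n' "$PASSWORD" > "$PASSFILE"
fi
printf '%s' "$PASSWORD" | mkpasswd -m sha-512 --stdin
```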
diff --git a/modules/puppetmaster/manifests/labs.pp
b/modules/puppetmaster/manifests/labs.pp
index 820b03d..1d20835 100644
--- a/modules/puppetmaster/manifests/labs.pp
+++ b/modules/puppetmaster/manifests/labs.pp
@@ -21,4 +21,16 @@
user => 'gitpuppet',
minute => '*/1',
}
+
+ file { '/usr/local/bin/make_labs_password.sh':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///modules/puppetmaster/make_labs_password.sh'
+ }
+
+ file { '/var/cache/instance-root-passwords':
+ ensure => 'directory',
+ }
}
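Review bot: The `file` resource for `/var/cache/instance-root-passwords` sets no `owner`, `group` or `mode`, so the directory that holds plaintext root passwords gets whatever defaults apply, and the script's umask only restricts the files inside it. It should be owned by the account the puppetmaster compiles catalogs as and closed to everyone else, for example `owner => 'puppet', group => 'puppet', mode => '0700',` (the account name is an assumption; it is not visible in this hunk). A location under `/var/cache` may also be cleaned by housekeeping, in which case passwords would be silently regenerated, so it is worth confirming that this is acceptable. The enclosing class starts outside the hunk.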
--
To view, visit https://gerrit.wikimedia.org/r/303617
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia9eb2bdb5879fe074ecb9e175f57f3849ff52821
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>