We sort of do this we set a global $password in our site.pp. That $password is an MD5 string. My environment is currently all Linux.
Then, in our base module we have: exec { "set-root-password": path => "/usr/sbin:/sbin" command => "/bin/echo root:$password | /usr/sbin/chpasswd -e" } It's obviously not very portable but eh. Cheers, Ryan On Wed, 2009-05-06 at 09:24 -0500, Evan Hisey wrote: > On Wed, May 6, 2009 at 2:51 AM, 骡骡 <ken.g...@gmail.com> wrote: > > > > in 1st day of each month , change passwd of root. > > > > # vi /etc/puppet/modules/user/manifests/init.pp > > > > class user { > > exec { "rootpw": > > command => "/usr/sbin/usermod -p $rootpw root", > > onlyif => "/usr/bin/test `/bin/date -d now +%d` = '01'", > > } > > } > > > > # vi /etc/puppet/manifests/templates.pp > > import user > > node basenode { > > $rootpw = "Vale.com-init" > > include user > > } > > > > > > > This just looks like a bad way to handle things. Given that you are > going to manually set the password for puppet to use any way why not > use something like this: <Warning this has not been tested> > > class update_pw{ > user{"root": > ensure => present, > password => generate("/opt/new_passwd.sh"), > } > > On the server /opt/new_passwd.sh would look like this: > #!/bin/bash > passwd=foobar > openssl passwd -crypt $passwd > > > This method should provide solutions to several problems with the > initial approach. You know have the password out of the manifests and > only have to secure one file. It will be handled by puppet as an > encrypted password so it will go over the wire encrypted. It will now > only change the password if the password parsed by the generate > command changes. > > Evan > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---