[Puppet Users] Re: set password of root

Wed, 06 May 2009 14:47:29 -0700 

We sort of do this we set a global $password in our site.pp.  That
$password is an MD5 string.  My environment is currently all Linux.

Then, in our base module we have:

exec {
  "set-root-password":
    path => "/usr/sbin:/sbin"
    command => "/bin/echo root:$password | /usr/sbin/chpasswd -e"
}

It's obviously not very portable but eh.

Cheers,
Ryan

On Wed, 2009-05-06 at 09:24 -0500, Evan Hisey wrote:
> On Wed, May 6, 2009 at 2:51 AM, 骡骡 <ken.g...@gmail.com> wrote:
> >
> > in 1st day of each month , change passwd of root.
> >
> > # vi /etc/puppet/modules/user/manifests/init.pp
> >
> > class user {
> >        exec { "rootpw":
> >                command => "/usr/sbin/usermod -p $rootpw root",
> >                onlyif => "/usr/bin/test `/bin/date -d now +%d` = '01'",
> >        }
> > }
> >
> > # vi  /etc/puppet/manifests/templates.pp
> > import user
> > node basenode {
> >        $rootpw = "Vale.com-init"
> >        include user
> > }
> >
> >
> >
> This just looks like a bad way to handle things. Given that you are
> going to manually set the password for puppet to use any way why not
> use something like this: <Warning this has not been tested>
> 
> class update_pw{
>      user{"root":
>            ensure => present,
>            password => generate("/opt/new_passwd.sh"),
>     }
> 
> On the server /opt/new_passwd.sh would look like this:
> #!/bin/bash
> passwd=foobar
> openssl passwd -crypt $passwd
> 
> 
> This method should provide solutions to several problems with the
> initial approach. You know have the password out of the manifests and
> only have to secure one file. It will be handled by puppet as an
> encrypted password so it will go over the wire encrypted. It will now
> only change the password if the password parsed by the generate
> command changes.
> 
> Evan
> 
> > 


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to