On Wed, May 6, 2009 at 2:51 AM, 骡骡 <[email protected]> wrote:
>
> in 1st day of each month , change passwd of root.
>
> # vi /etc/puppet/modules/user/manifests/init.pp
>
> class user {
> exec { "rootpw":
> command => "/usr/sbin/usermod -p $rootpw root",
> onlyif => "/usr/bin/test `/bin/date -d now +%d` = '01'",
> }
> }
>
> # vi /etc/puppet/manifests/templates.pp
> import user
> node basenode {
> $rootpw = "Vale.com-init"
> include user
> }
>
>
>
This just looks like a bad way to handle things. Given that you are
going to manually set the password for puppet to use any way why not
use something like this: <Warning this has not been tested>
class update_pw{
user{"root":
ensure => present,
password => generate("/opt/new_passwd.sh"),
}
On the server /opt/new_passwd.sh would look like this:
#!/bin/bash
passwd=foobar
openssl passwd -crypt $passwd
This method should provide solutions to several problems with the
initial approach. You know have the password out of the manifests and
only have to secure one file. It will be handled by puppet as an
encrypted password so it will go over the wire encrypted. It will now
only change the password if the password parsed by the generate
command changes.
Evan
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
