We sort of do this we set a global $password in our site.pp. That
$password is an MD5 string. My environment is currently all Linux.
Then, in our base module we have:
exec {
"set-root-password":
path => "/usr/sbin:/sbin"
command => "/bin/echo root:$password | /usr/sbin/chpasswd -e"
}
It's obviously not very portable but eh.
Cheers,
Ryan
On Wed, 2009-05-06 at 09:24 -0500, Evan Hisey wrote:
> On Wed, May 6, 2009 at 2:51 AM, 骡骡 <[email protected]> wrote:
> >
> > in 1st day of each month , change passwd of root.
> >
> > # vi /etc/puppet/modules/user/manifests/init.pp
> >
> > class user {
> > exec { "rootpw":
> > command => "/usr/sbin/usermod -p $rootpw root",
> > onlyif => "/usr/bin/test `/bin/date -d now +%d` = '01'",
> > }
> > }
> >
> > # vi /etc/puppet/manifests/templates.pp
> > import user
> > node basenode {
> > $rootpw = "Vale.com-init"
> > include user
> > }
> >
> >
> >
> This just looks like a bad way to handle things. Given that you are
> going to manually set the password for puppet to use any way why not
> use something like this: <Warning this has not been tested>
>
> class update_pw{
> user{"root":
> ensure => present,
> password => generate("/opt/new_passwd.sh"),
> }
>
> On the server /opt/new_passwd.sh would look like this:
> #!/bin/bash
> passwd=foobar
> openssl passwd -crypt $passwd
>
>
> This method should provide solutions to several problems with the
> initial approach. You know have the password out of the manifests and
> only have to secure one file. It will be handled by puppet as an
> encrypted password so it will go over the wire encrypted. It will now
> only change the password if the password parsed by the generate
> command changes.
>
> Evan
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
