Mahesh,
While your setup may vary I cannot think of an easy way to accomplish all
your goals.
Goals:
1 Change when 60 days old
2 Each server gets a unique
3 Passwords are encrypted en escrow
Something we do is setup a user definition with a shared root password hash
stored in hiera. We then rotate the password in hiera which gets pushed to
all servers. This accomplishes goal 1 and possibly 2 if you create hashes
for each server and stick them in hiera. This is also not an automated
process as password hashes need to be generated and placed into hiera.
Something else you may want to do is generate some random password in a
script save it to a gpg encrypted file. You could then use an ssh_key and
copy it to some storage server. I might do this with some exec.
exec {'change_roots_password':
unless => 'command to see if roots password is old enough',
command => 'command or script to change roots password to something
random and save encrypted form of random data',
notify => Exec['send_roots_password'],
# require => File['some_script_to_change_root_password'],
}
exec {'send_roots_password':
refreshonly => true,
command => 'command to copy encrypted file to central server using an
ssh_key.',
}
references to get you started:
http://docs.puppetlabs.com/references/latest/type.html#exec
http://docs.puppetlabs.com/references/latest/type.html#sshauthorizedkey
http://docs.puppetlabs.com/references/latest/type.html#file
Hope this helps,
Doug
On Wed, Jul 9, 2014 at 9:53 AM, mahesh vijapure <[email protected]>
wrote:
> Please tell me any puppet module that can automatically resets the root
> password when they are >60 days old, and stores the new password in a
> central encrypted location
> Thanks in advance for all your valuable inputs.
>
> On Wednesday, July 9, 2014 8:51:30 PM UTC+5:30, mahesh vijapure wrote:
>
>> I want to update root password for all vms registered with Puppet. Please
>> someone assist me here.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/21396634-c470-4cbf-bd76-19cd8657e672%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/21396634-c470-4cbf-bd76-19cd8657e672%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOwhAcoxCPc4KGQw6672Y2yTh4Gnpbhtz-6NhUJc%3D-XUhx3r7Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
