FAQ
Dear Werner,

Good Morning !

I am also working with User Module in puppet (New to the puppet) ... But i
am not getting how /where to implement randome password generation.
Below is my Module:

/etc/puppetlabs/puppet/modules/user/manifests/user.pp :

#cat user.pp
define add_user ( $name, $uid, $groups, $shell, $password, $sshkeytype,
$sshkey,$password_max_age, $password_min_age ) {
$username = $title
user { $username:
comment => "$name",
home => "/home/$username",
shell => "/bin/bash",
uid => $uid,
password_max_age => "$password_max_age",
password_min_age => "$password_min_age"
}
group { $username:
gid => $uid,
require => user[$username]
}
file { "/home/$username/":
ensure => directory,
owner => $username,
group => $username,
mode => 750,
require => [ user[$username], group[$username] ]
}
file { "/home/$username/.ssh":
ensure => directory,
owner => $username,
group => $username,
mode => 700,
require => file["/home/$username/"]
}

file { "/home/$username/.ssh/authorized_keys":
ensure => present,
owner => $username,
group => $username,
mode => 600,
require => file["/home/$username/"]
}
ssh_authorized_key{ $username:
user => "$username",
ensure => present,
type => "$sshkeytype",
key => "$sshkey",
name => "$username"
}
}
++++++++++++++++++++++++++++++++++++++++++++++++++++
/etc/puppetlabs/puppet/manifests/nodes.pp

node 'alvtutl032.wm.com' {
user { installer:
ensure => "absent"
}
add_user { apple1:
name => "WM_admin_user",
uid => "3334",
password_min_age => '2',
password_max_age => '80000',
password =>'$1$7NwLmsAf$25L8RI8v5gbirkPKLSulE/',
shell => "/bin/bash",
groups => ['apple1'],
type => "ssh-dss",
sshkey =>
"AAAAB3NzaC1kc3MAAACBAJzMVL4afDQBJ3rcM9LlHqxg0rmkWDwoWehS4nIpBLJL9qGoyR1YBzPvpD1VufsUqgUXH9dYdfaiVum4IaTgyu2Tb0ezR4Nx2Jkcnp+8jFh/Cys3zgMvzJaIw/Au45E
9h4vBdwvouj1Sg0YaY5mGuKZ2w121uPLawjc3DJsNSc+jAAAAFQCb7+Vtir8w+o/CIDiSPXr6MVj16QAAAIBFHMnBixvQaxekLK70eR9TgYUAXsh0MHT8VT+XMUWlOC8u8yVEOTDzrU1ZL2vNWo4NZL6ex9ffx
0JRS5hSCU/o8aVcoC4viCC7SGmntNb0nQo+iKUyTQbGcmMoPG9lO498prML66GbOYWzTedc4XT683kyWV4k0iVixyvLsfLnAAAAIB4PmZfjdTtYwC7cE/upvfC/HWpKHHAn66YW6PRTCwZPqCd2AvHAMX/l7nb
k1u+BL0YtymawzNT97FcYuvM1UWrJ+fT8isTyHsoUkf76irVxcTBH0SReChHbYeWa2bATEvaj0u2597H4O7qYHJ6IZpTTAeWP0EeKDABfonAr+ZJw==",
}
exec { "first_login_password_ch":
command => "/usr/bin/chage -d 0 apple1",
path => "/usr/bin/chage"
}
}
+++++++++++++++++++++++++++++

random password script:

#!/bin/bash
# random password generator by typedeaF
# Sets the maximum size of the password the script will generate
MAXSIZE=15
# I put escape chars on all the non alpha-numeric characters just for
precaution
array1=(
q w e r t y u i o p a s d f g h j k l z x c v b n m Q W E R T Y U I O P A S
D
F G H J K L Z X C V B N M 1 2 3 4 5 6 7 8 9 0 ! @ # $ % ^ & * ( )
)
# Used in conjunction with modulus to keep random numbers in range of the
array size
MODNUM=${#array1[*]}
# Keeps track of the number characters in the password we have generated
pwd_len=0
while [ $pwd_len -lt $MAXSIZE ]
do
x=$(($RANDOM%500))
y=0
while [ $y -lt $x ]
do
((y++))
index=$(($RANDOM%$MODNUM))
echo -n "${array1[$index]}"
done
((pwd_len++))
done
exit 0

I dont know how to integrate with puppet module ....... Your help is much
appreciated....


Thanks & Regards,

Siva Kumar S.
On Wednesday, February 8, 2012 1:30:09 PM UTC-6, wernerbahlke wrote:

Hi,

I want to create a user with a random password. Is there a way to only
execute the manifest once when the user does not exist but not once
the user is created?

I know how to create a random password and can use generate to execute
this function (or make it a custom fact provided I get this fact
executed).

So far I call an add_user method define in a users module out of my
base class. Here is the code:

include users

users::add_user { 'testuser':
name => 'testuser',
uid => '777',
password => generate('/usr/local/bin/new_hash'),
shell => '/bin/csh',
groups => 'testuser',
}

But alas this will get executed every time the client runs since the
password will have changed due to the new generate call.

One work-around I could think of is to create the user on the client
(FreeBSD) using an exec calling the makepassword and pw command.

Then I could check for existance of the user in the masterpasswd file
with an unless check.

But I much prefer do this with Puppet natively.

Any suggestions will be greatly appreciated.

Werner
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FV4NZWaiBlYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Dan White at Oct 30, 2012 at 1:39 pm
    The package "expect" contains a script/binary called "mkpasswd" that I find very appropriate for making passwords.

    Here's its man-page: http://linux.die.net/man/1/mkpasswd

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Krzysztof Wilczynski at Oct 30, 2012 at 9:44 pm
    Hey,

    There is also this:

    https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/random_password.rb

    KW
    On Tuesday, October 30, 2012 1:39:35 PM UTC, Ygor wrote:

    The package "expect" contains a script/binary called "mkpasswd" that I
    find very appropriate for making passwords.

    Here's its man-page: http://linux.die.net/man/1/mkpasswd
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rL3ZUwnQpYUJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedOct 30, '12 at 12:28p
activeOct 30, '12 at 9:44p
posts3
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase