On Sun, Jan 29, 2012 at 6:18 PM, Olivier <ofran...@gmail.com> wrote: [snip] > > your answer is just the text of my original question. So the question > still stands: how do I get the hashed value from /etc/shadow?
Are you trying to get a value from /etc/shadow on a managed node or from the puppet master system itself? Remember functions in the Puppet DSL are only ever executed when compiling the catalog, so that means the Puppet Master (in a client / server setup) or the stand alone puppet apply application. If you're looking to get the value from a managed node and then use in manifests on the master, you'll need to use a custom fact. If you're looking to use the value in a resource you're managing you'll likely want to build it into a custom type and provider. > Here is the background of my problem. I have 40 puppet clients and one > master. The password of each user expires after 90 days. Instead of > changing their password manually on 40 different servers by logging > into each server,each user will have to change his/her password on the > puppet server only and Puppet will replicate the hash value on each > puppet client. Obviously I will never know the user's password and am > not interested in replicating the root password. NIS and LDAP are not > an option. For this use case a custom function that reads the file will work fine. You could even use generate() and a shell one-liner. Are you running into a standard filesystem permissions issue? /etc/shadow is locked down pretty hard and the Puppet Master usually runs with lower privileges using a service account. -- Jeff McCune -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
