inline
On Fri, Jun 22, 2012 at 02:42:54PM -0700, Rob B. wrote:
> Hey all,
>
> My objective is to set the root password on the puppet master and then
> have root module mine the hash from the shadow file. It seems like it
> should work, but I get the error "Parameter password failed: Passwords
> cannot include ':' at". I am not sure where it is seeing the ":".
>
> Any ideas?
>
> The manifest looks like this:
> class root::linuxroot {
> user { 'root':
> ensure => 'present',
> comment => 'root',
> uid => '0',
> gid => '0',
> home => '/root',
> password => generate("/pathtoscript/getlinuxhash.sh"),
> shell => '/bin/bash',
> }
> }
>
> And the getlinuxhash.sh looks like this:
> #!/bin/sh
> HASHPASS=$(/bin/grep root /etc/shadow | /bin/awk -F ":" '{ print $2 }')
> echo "'"$HASHPASS"'"
# facter | grep operatingsystem
operatingsystem => Debian
operatingsystemrelease => 6.0.5
# /bin/grep root /etc/shadow | /bin/awk -F ":" '{ print $2 }'
bash: /bin/awk: No such file or directory
You're probably fine with not using the full paths there, unless you are either
on a single system type and/or templating getlinuxhash.sh.
"'"$HASHPASS"'"
That is likely interpreted as:
"'" <--- a string
$HASHPASS <--- substituted
"'" <--- a string
When I run your whole script without the full paths:
# cat /tmp/22
#!/bin/sh
HASHPASS=$(grep root /etc/shadow | awk -F ":" '{ print $2 }')
echo "'"$HASHPASS"'"
# bash /tmp/22
'$6$Fpa0v1.a$2WyfaKkiZS7ALdjtXbU9bASyGcFTxomYSalcryFp5QsKrNJSOmPsG4NNNOZRSZS4S3aRwMD3iza03ORDTxlaq0'
Since the password hash should start with $6$, it looks like you're returning
the quotes too, which is an incorrect password hash.
# cat /tmp/1.pp
file { '/tmp/cw1':
content => generate('/tmp/22')
}
# puppet apply /tmp/1.pp
notice: /Stage[main]//File[/tmp/cw1]/ensure: defined content as
'{md5}3f4302ca8a8c24301c265fdc5345f341'
# cat /tmp/cw1
'$6$Fpa0v1.a$2WyfaKkiZS7ALdjtXbU9BASyGcFTxomYSal4ryFp5AsKrNJSOmPsG4NNNOZRSZh4S3aRwMD3iza03ORDTelaq0'
Possibly try this for your generator? The -n is because I'm not certain if
puppet will keep the trailing newline as part of the hash.
#!/bin/sh
HASHPASS=$(grep root /etc/shadow | awk -F: '{print $2}')
echo -n "$HASHPASS"
Also, why mine the password rather than provision it from your puppet manifests
better hiera? That way you get more than one root password.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> [1]https://groups.google.com/d/msg/puppet-users/-/Q2wcMCPiKBUJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
> References
>
> Visible links
> 1. https://groups.google.com/d/msg/puppet-users/-/Q2wcMCPiKBUJ
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
