
On Fri, Jun 22, 2012 at 02:42:54PM -0700, Rob B. wrote:
>    Hey all,
>     
>    My objective is to set the root password on the puppet master and then
>    have root module mine the hash from the shadow file. It seems like it
>    should work, but I get the error "Parameter password failed: Passwords
>    cannot include ':' at". I am not sure where it is seeing the ":".
>     
>    Any ideas?
>     
>    The manifest looks like this:
>    class root::linuxroot {
>      user { 'root':
>        ensure           => 'present',
>        comment          => 'root',
>        uid              => '0',
>        gid              => '0',
>        home             => '/root',
>        password         => generate("/pathtoscript/getlinuxhash.sh"),
>        shell            => '/bin/bash',
>      }
>    }
>     
>    And the getlinuxhash.sh looks like this:
>    #!/bin/sh
>    HASHPASS=$(/bin/grep root /etc/shadow | /bin/awk -F ":" '{ print $2 }')
>    echo "'"$HASHPASS"'"

# facter | grep operatingsystem
operatingsystem => Debian
operatingsystemrelease => 6.0.5
# /bin/grep root /etc/shadow | /bin/awk -F ":" '{ print $2 }'
bash: /bin/awk: No such file or directory

You're probably fine with not using the full paths there, unless you are either 
on a single system type and/or templating getlinuxhash.sh.

"'"$HASHPASS"'"

That is likely interpreted as:

"'"       <--- a string
$HASHPASS <--- substituted
"'"       <--- a string

When I run your whole script without the full paths:

# cat /tmp/22 
#!/bin/sh
HASHPASS=$(grep root /etc/shadow | awk -F ":" '{ print $2 }')
echo "'"$HASHPASS"'"
# bash /tmp/22
'$6$Fpa0v1.a$2WyfaKkiZS7ALdjtXbU9bASyGcFTxomYSalcryFp5QsKrNJSOmPsG4NNNOZRSZS4S3aRwMD3iza03ORDTxlaq0'

Since the password hash should start with $6$, it looks like you're returning 
the quotes too, which is an incorrect password hash.

# cat /tmp/1.pp 
file { '/tmp/cw1':
  content => generate('/tmp/22')
}
# puppet apply /tmp/1.pp
notice: /Stage[main]//File[/tmp/cw1]/ensure: defined content as 
'{md5}3f4302ca8a8c24301c265fdc5345f341'
# cat /tmp/cw1 
'$6$Fpa0v1.a$2WyfaKkiZS7ALdjtXbU9BASyGcFTxomYSal4ryFp5AsKrNJSOmPsG4NNNOZRSZh4S3aRwMD3iza03ORDTelaq0'

Possibly try this for your generator? The -n is because I'm not certain if 
puppet will keep the trailing newline as part of the hash.

#!/bin/sh
# Match the account name exactly; "grep root" also matches other lines containing "root".
HASHPASS=$(awk -F: '$1 == "root" {print $2}' /etc/shadow)
echo -n "$HASHPASS"

Also, why mine the password rather than provision it from your puppet manifests, 
or better, hiera? That way you get more than one root password.

> 
>    --
>    You received this message because you are subscribed to the Google Groups
>    "Puppet Users" group.
>    To view this discussion on the web visit
>    [1]https://groups.google.com/d/msg/puppet-users/-/Q2wcMCPiKBUJ.
>    To post to this group, send email to puppet-users@googlegroups.com.
>    To unsubscribe from this group, send email to
>    puppet-users+unsubscr...@googlegroups.com.
>    For more options, visit this group at
>    http://groups.google.com/group/puppet-users?hl=en.
> 
> References
> 
>    Visible links
>    1. https://groups.google.com/d/msg/puppet-users/-/Q2wcMCPiKBUJ
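
Added example (not part of the original message and not Puppet's own code): a generator along the lines suggested in the reply above that matches the account name exactly, refuses a value containing quotes or ':', and prints the hash with no trailing newline. The function names and the sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Constructed shadow-format lines (not real hashes). "chroot" also contains
# the string "root", so a plain `grep root` would return two lines here.
sample_shadow() {
    cat <<'EOF'
chroot:$6$cccc$CCCCCCCC:15000:0:99999:7:::
root:$6$aaaa$BBBBBBBB:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
EOF
}

# Print field 2 for exactly one account, without a trailing newline.
# $1 = account name, $2 = shadow-format file (default /etc/shadow)
shadow_hash() {
    awk -F: -v u="$1" '$1 == u { printf "%s", $2; found = 1; exit }
                       END { exit !found }' "${2:-/etc/shadow}"
}

# Accept only "$id$..." values built from the crypt(3) alphabet, so quotes,
# ':' and whitespace are rejected, as are locked markers such as "*" or "!".
valid_hash() {
    case "$1" in
        *[!A-Za-z0-9./\$=]*) return 1 ;;
        '$'?*'$'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# What a generate() script would call: exit 2 = no such account,
# exit 3 = value is not a usable hash, otherwise print the bare hash.
emit_hash() {
    h=$(shadow_hash "$1" "$2") || { echo "no entry for $1" >&2; return 2; }
    valid_hash "$h" || { echo "unusable hash for $1" >&2; return 3; }
    printf '%s' "$h"
}

# Stand-alone use as a generator script: ./script root [shadow-file]
if [ "$#" -gt 0 ]; then emit_hash "$@"; fi
```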
