>> quite sure this wont work, the puppet master does not run as root and
>> so your generate wont have access to read shadow file.
>>
> you could use sudo of course, but it doesnt seem like a great idea :)
Sounds right enough. Though if you're being generous with the hash of
that one root password for each last of your boxen (this strikes me at
not the most secure of concepts), you can go all the way and make it a
custom fact that the agent *on* your puppet master (or any other node
you declare seed for the root password) presents to the puppet master
for redistribution.
Also, some wear leveling of your precios grep binary (either in
generate+sudo or a fact):
awk -F: '$1 == "root" { print $2 }' /etc/shadow
;-)
(Also, protection from various possible occurences of the string "root"
in your shadow file.)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
