Dear Werner,

Good morning! I am also working with a User module in Puppet (new to Puppet) ... But I am not getting how/where to implement random password generation.

Below is my module:

/etc/puppetlabs/puppet/modules/user/manifests/user.pp :

#cat user.pp
define add_user ( $name, $uid, $groups, $shell, $password, $sshkeytype, $sshkey, $password_max_age, $password_min_age ) {

  $username = $title

  user { $username:
    comment          => "$name",
    home             => "/home/$username",
    shell            => "/bin/bash",
    uid              => $uid,
    password_max_age => "$password_max_age",
    password_min_age => "$password_min_age"
  }

  group { $username:
    gid     => $uid,
    require => User[$username]
  }

  file { "/home/$username/":
    ensure  => directory,
    owner   => $username,
    group   => $username,
    mode    => '0750',
    require => [ User[$username], Group[$username] ]
  }

  file { "/home/$username/.ssh":
    ensure  => directory,
    owner   => $username,
    group   => $username,
    mode    => '0700',
    require => File["/home/$username/"]
  }

  file { "/home/$username/.ssh/authorized_keys":
    ensure  => present,
    owner   => $username,
    group   => $username,
    mode    => '0600',
    require => File["/home/$username/"]
  }

  ssh_authorized_key { $username:
    user   => "$username",
    ensure => present,
    type   => "$sshkeytype",
    key    => "$sshkey",
    name   => "$username"
  }
}

++++++++++++++++++++++++++++++++++++++++++++++++++++

/etc/puppetlabs/puppet/manifests/nodes.pp

node 'alvtutl032.wm.com' {

  user { installer: ensure => "absent" }

  add_user { apple1:
    name             => "WM_admin_user",
    uid              => "3334",
    password_min_age => '2',
    password_max_age => '80000',
    password         => '$1$7NwLmsAf$25L8RI8v5gbirkPKLSulE/',
    shell            => "/bin/bash",
    groups           => ['apple1'],
    # the define declares this parameter as $sshkeytype, not type
    sshkeytype       => "ssh-dss",
    sshkey           => "AAAAB3NzaC1kc3MAAACBAJzMVL4afDQBJ3rcM9LlHqxg0rmkWDwoWehS4nIpBLJL9qGoyR1YBzPvpD1VufsUqgUXH9dYdfaiVum4IaTgyu2Tb0ezR4Nx2Jkcnp+8jFh/Cys3zgMvzJaIw/Au45E9h4vBdwvouj1Sg0YaY5mGuKZ2w121uPLawjc3DJsNSc+jAAAAFQCb7+Vtir8w+o/CIDiSPXr6MVj16QAAAIBFHMnBixvQaxekLK70eR9TgYUAXsh0MHT8VT+XMUWlOC8u8yVEOTDzrU1ZL2vNWo4NZL6ex9ffx0JRS5hSCU/o8aVcoC4viCC7SGmntNb0nQo+iKUyTQbGcmMoPG9lO498prML66GbOYWzTedc4XT683kyWV4k0iVixyvLsfLnAAAAIB4PmZfjdTtYwC7cE/upvfC/HWpKHHAn66YW6PRTCwZPqCd2AvHAMX/l7nbk1u+BL0YtymawzNT97FcYuvM1UWrJ+fT8isTyHsoUkf76irVxcTBH0SReChHbYeWa2bATEvaj0u2597H4O7qYHJ6IZpTTAeWP0EeKDABfonAr+ZJw==",
  }

  # chage -d 0 forces a password change at the next login
  exec { "first_login_password_ch":
    command => "/usr/bin/chage -d 0 apple1",
    path    => "/usr/bin"
  }
}

+++++++++++++++++++++++++++++

random password script:

#!/bin/bash
# random password generator by typedeaF

# Sets the maximum size of the password the script will generate
MAXSIZE=15

# I put escape chars on all the non alpha-numeric characters just for precaution
array1=(
q w e r t y u i o p a s d f g h j k l z x c v b n m
Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
1 2 3 4 5 6 7 8 9 0
\! \@ \# \$ \% \^ \& \* \( \)
)

# Used in conjunction with modulus to keep random numbers in range of the array size
MODNUM=${#array1[*]}

# Keeps track of the number characters in the password we have generated
pwd_len=0

while [ $pwd_len -lt $MAXSIZE ]
do
  # Cycle through a random number of draws, keeping the last index
  x=$(($RANDOM%500))
  y=0
  while [ $y -lt $x ]
  do
    ((y++))
    index=$(($RANDOM%$MODNUM))
  done
  # Emit one character per outer iteration so the length stays at MAXSIZE
  echo -n "${array1[$index]}"
  ((pwd_len++))
done
exit 0

I don't know how to integrate this with the Puppet module .......

Your help is much appreciated....

Thanks & Regards,
Siva Kumar S.

On Wednesday, February 8, 2012 1:30:09 PM UTC-6, wernerbahlke wrote:
> Hi,
>
> I want to create a user with a random password. Is there a way to only
> execute the manifest once when the user does not exist but not once
> the user is created?
>
> I know how to create a random password and can use generate to execute
> this function (or make it a custom fact provided I get this fact
> executed).
>
> So far I call an add_user method defined in a users module out of my
> base class. Here is the code:
>
> include users
>
> users::add_user { 'testuser':
>   name     => 'testuser',
>   uid      => '777',
>   password => generate('/usr/local/bin/new_hash'),
>   shell    => '/bin/csh',
>   groups   => 'testuser',
> }
>
> But alas this will get executed every time the client runs since the
> password will have changed due to the new generate call.
>
> One work-around I could think of is to create the user on the client
> (FreeBSD) using an exec calling the makepassword and pw command.
>
> Then I could check for existence of the user in the masterpasswd file
> with an unless check.
>
> But I much prefer do this with Puppet natively.
>
> Any suggestions will be greatly appreciated.
>
> Werner
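
An added example, not part of either poster's message and not code from the Puppet project: one way to keep a generate() call from producing a new hash on every run is to have the script store the hash per user on first use and return the stored value afterwards, drawing the password from /dev/urandom rather than $RANDOM. STATE_DIR, the function names and the use of OpenSSL 1.1.1 or later for hashing are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): a per-user cached password hash,
# so generate() returns the same value on every catalog compile.
# STATE_DIR and all function names are assumptions made for this example.
# generate() runs on the Puppet master, so STATE_DIR lives there.
STATE_DIR="${STATE_DIR:-/var/lib/puppet/pwhash}"

# Draw $1 characters (default 15) from the kernel CSPRNG, not $RANDOM.
random_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*()' < /dev/urandom | head -c "${1:-15}"
}

# Read a password on stdin, print a salted SHA-512 crypt hash.
# Assumes OpenSSL 1.1.1 or later, which added "passwd -6".
hash_password() {
    openssl passwd -6 -stdin
}

# Print the stored hash for user $1, creating it on first use only.
cached_hash() {
    user="$1"
    # Refuse names that could point outside STATE_DIR.
    case "$user" in
        ''|.*|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    file="$STATE_DIR/$user"
    if [ ! -s "$file" ]; then
        (
            umask 077                      # hash file readable by owner only
            mkdir -p "$STATE_DIR" || exit 1
            tmp="$file.tmp.$$"
            # The plaintext only ever exists inside this pipeline.
            random_password 15 | hash_password > "$tmp" && [ -s "$tmp" ] &&
                mv "$tmp" "$file" || { rm -f "$tmp"; exit 1; }
        ) || return 1
    fi
    cat "$file"
}

# Command-line use: new_hash <username>
if [ "$#" -gt 0 ]; then
    cached_hash "$1"
fi
```

Assuming the script is installed on the master at the /usr/local/bin/new_hash path from the quoted manifest, the call becomes generate('/usr/local/bin/new_hash', 'testuser'), and the user resource no longer changes between runs.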