Gah... Figured out the problem literally 5 minutes after I
posted...
Problem was that I had generated a puppet.conf using --genconfig and
forgotten to remove genconfig = true... Logs reported that the config
file
had been re-read, but obviously not true if this setting has been
left
enabled -
Alan,
One thing I found handy was to build up 2 custom facts to add into
facter: defaultroute and site.
defaultroute is used to determine which site a host is in...
Personally I found the class heirarchy
too limited since you can't inherit from multiple places... So you
would need classes like si
in 1st day of each month , change passwd of root.
# vi /etc/puppet/modules/user/manifests/init.pp
class user {
exec { "rootpw":
command => "/usr/sbin/usermod -p $rootpw root",
onlyif => "/usr/bin/test `/bin/date -d now +%d` = '01'",
}
}
# vi /etc
On Wed, 06 May 2009, 骡骡 wrote:
> in 1st day of each month , change passwd of root.
> exec { "rootpw":
> command => "/usr/sbin/usermod -p $rootpw root",
> onlyif => "/usr/bin/test `/bin/date -d now +%d` = '01'",
Assuming you run puppet every 30 minutes, won'
I have a couple of concerns about this (at least in my environment).
First, the root password would be clearly visible (not even crypted!)
In the process listing during execution of the usermod. Second,
similarly, the root password is stored in plaintext on the
puppetmaster. Actually, would that v
I have a couple of concerns about this (at least in my environment).
First, the root password would be clearly visible (not even crypted!)
In the process listing during execution of the usermod. Second,
similarly, the root password is stored in plaintext on the
puppetmaster. Actually, would that v
2009/5/6 Chad Huneycutt
>
> I have a couple of concerns about this (at least in my environment).
> First, the root password would be clearly visible (not even crypted!)
> In the process listing during execution of the usermod. Second,
> similarly, the root password is stored in plaintext on the
>
Hi
> It's easy enough to just use sed in a exec to updatet the hash in shadow. I
> agree that having a clear text root passord floating around is a bad idea.
> That would lead it to be in the manifests, in subversion, in syslog and
> probably in the yaml cache like Chad said.
it's even easier t
On Wed, May 6, 2009 at 2:51 AM, 骡骡 wrote:
>
> in 1st day of each month , change passwd of root.
>
> # vi /etc/puppet/modules/user/manifests/init.pp
>
> class user {
>exec { "rootpw":
>command => "/usr/sbin/usermod -p $rootpw root",
>onlyif => "/usr/bin/test
I'm trying to pitch puppet to my group. I have a test server & 2
clients, things are going pretty well. The question relates to user
password management as outlined in the recipies. My question, if only
the hash value changes, will puppet apply that change? Who notices
the change, the client o
On Wed, May 6, 2009 at 9:40 AM, LenR wrote:
>
> I'm trying to pitch puppet to my group. I have a test server & 2
> clients, things are going pretty well. The question relates to user
> password management as outlined in the recipies. My question, if only
> the hash value changes, will puppet a
Hi,
Am 06.05.2009 um 16:40 schrieb LenR:
> I'm trying to pitch puppet to my group. I have a test server & 2
> clients, things are going pretty well. The question relates to user
> password management as outlined in the recipies. My question, if only
> the hash value changes, will puppet apply
Hi all,
Can someone tell me what is the reason for the pw user provider not
supporting the password parameter? As far as I know one can pipe an
encrypted password string to pw and it will set it as expected.
As a workaround I'm using an exec to achieve this functionality:
define users::freeb
Is it this issue?
http://projects.reductivelabs.com/issues/1511
You need to have ruby-shadow library and restart puppetd.
-Peter
On May 6, 2009, at 11:07 AM, Andrew Wasilczuk wrote:
>
> Hi all,
>
> Can someone tell me what is the reason for the pw user provider not
> supporting the password par
On Wed, May 06, 2009 at 04:02:54PM +0200, Bj?rn Dyre Dyresen wrote:
> It's easy enough to just use sed in a exec to updatet the hash in shadow. I
> agree that having a clear text root passord floating around is a bad idea.
> That would lead it to be in the manifests, in subversion, in syslog and
>
I do this using storedconfigs and virtual resources for hosts. For example:
@@host { "$hostname.private":
ip => $ipaddress_eth1,
ensure => present,
alias => "$hostname"
}
Host <<| |>>
What this does is when the machine first connects, it creates a virtual
resource for i
Hi Len,
Let me take a shot at this. I'm sure I'll be corrected if I'm wrong.
It roughly works like this:
1) Client connects to server and asks "what should my configuration be?"
2) Server responds with the desired configuration
3) Client then checks that configuration against what exists
4) Cl
On Wed, May 06, 2009 at 09:24:41AM -0500, Evan Hisey wrote:
> openssl passwd -crypt $passwd
[...]
> encrypted password so it will go over the wire encrypted. It will now
But it will still show up unencrypted in processlist.
--
Marcin Owsiany http://marcin.owsiany.pl/
GnuPG: 1024D/
On Wed, May 06, 2009 at 04:02:54PM +0200, Bjørn Dyre Dyresen wrote:
> 2009/5/6 Chad Huneycutt
>
> >
> > I have a couple of concerns about this (at least in my environment).
> > First, the root password would be clearly visible (not even crypted!)
> > In the process listing during execution of th
On Wed, May 6, 2009 at 1:40 PM, Marcin Owsiany wrote:
>
> On Wed, May 06, 2009 at 09:24:41AM -0500, Evan Hisey wrote:
>> openssl passwd -crypt $passwd
> [...]
>> encrypted password so it will go over the wire encrypted. It will now
>
> But it will still show up unencrypted in processlist.
>
> --
On Wed, May 06, 2009 at 02:02:42PM -0500, Evan Hisey wrote:
> >
> > But it will still show up unencrypted in processlist.
> >
> Only on the puppetmaster server, and this would happen no matter how
> you generate the password encryption.
Not true. There are several utilities that can read from st
On Wed, May 6, 2009 at 2:25 PM, Bruce Richardson wrote:
>
> On Wed, May 06, 2009 at 02:02:42PM -0500, Evan Hisey wrote:
>> >
>> > But it will still show up unencrypted in processlist.
>> >
>> Only on the puppetmaster server, and this would happen no matter how
>> you generate the password encrypt
We sort of do this we set a global $password in our site.pp. That
$password is an MD5 string. My environment is currently all Linux.
Then, in our base module we have:
exec {
"set-root-password":
path => "/usr/sbin:/sbin"
command => "/bin/echo root:$password | /usr/sbin/chpasswd -e"
}
I am not sure everyone is on the same page:
1. you don't want to have the root password (encrypted or not) showing
up in the process listing of your clients.
2. even if you are generating the password on the master, it is going
to show up in the yaml on the client, and if that is the case, it
wou
Chad Huneycutt wrote:
> I am not sure everyone is on the same page:
>
> 1. you don't want to have the root password (encrypted or not) showing
> up in the process listing of your clients.
Well, this is a policy/philosophy issue. The question is "what is an
acceptable risk for your environment?"
Hello,
I am a puppet newbie, I got a puppetmaster running on my network, and
puppetd is installed and run on new servers.
I am trying to get puppet to start postfix on a Solaris server.
The postfix package was previously installed (via jumpstart).
When the system first comes up, if I type
I believe you do not need
start => true
you may need to set the name though:
name => 'svc:/network/postfix:default'
unless 'svcadm enable postfix' works as is (I do not have postfix on
my servers, but I can do 'svcadm enable smtp'
The enable => true means to execute the 'sv
On May 6, 3:51 pm, 骡骡 wrote:
> in 1st day of each month , change passwd of root.
>
> # vi /etc/puppet/modules/user/manifests/init.pp
>
> class user {
> exec { "rootpw":
> command => "/usr/sbin/usermod -p $rootpw root",
> onlyif => "/usr/bin/test `/bin/dat
Thank you ! I find my problem ! I will modify the module with user
type.
On May 6, 9:54 pm, Chad Huneycutt wrote:
> I have a couple of concerns about this (at least in my environment).
> First, the root password would be clearly visible (not even crypted!)
> In the process listing during execut
I am creating a "define" to manage cups printers on many servers and
would like to export the necessary 'file' and 'exec' resources with
multiple tags so i can be selective about what is realized on what
servers but i don't seem to be able to get it working with multiple tags.
The following ex
> josb has provided a 1.9 compatibility patch, but we stupidly have not
> merged it in yet.
>
> It'll be in 0.25, though.
Where can we find this patch?
Or alternatively is 0.25 coming out fairly soon?
--~--~-~--~~~---~--~~
You received this message because you ar
When you say the hash value changed, do you mean on the puppetmaster?
In the most used Puppet setup, the master compiles the config for each
client, and the client synchronizes the resources.
'Noticed' is a little ambiguous, and I might be misinterpreting, but the
client is what is going to compa
2009/5/6 Ryan Dooley :
>
> Chad Huneycutt wrote:
>> I am not sure everyone is on the same page:
>>
>> 1. you don't want to have the root password (encrypted or not) showing
>> up in the process listing of your clients.
>
> Well, this is a policy/philosophy issue. The question is "what is an
> acc
On May 6, 2009, at 6:47 PM, Jim Pirzyk wrote:
> I believe you do not need
>
> start => true
>
> you may need to set the name though:
>
> name => 'svc:/network/postfix:default'
>
> unless 'svcadm enable postfix' works as is (I do not have postfix on
> my servers, but I can do 'svcad
34 matches
Mail list logo
