Ask Your Question
1

How can I best manage root passwords for many servers?

asked 2014-09-02 19:19:29 -0500

Cesar Sturion gravatar image

Hi,

I'm looking for some ways to manage root password for many servers with puppet. I saw any ways to do this, but I want a help with yours opinion.

I found this:

class update_pw{
     user{"root":
           ensure => present,
           password => generate("/opt/new_passwd.sh"),
    }

On the server /opt/new_passwd.sh would look like this:
#!/bin/bash
passwd=foobar
openssl passwd -crypt $passwd

Other:

class site::root_user {
  # This will enforce the root password of "puppet"
  user { root:
    ensure => present,
    password => '$6$7pe0INu/$Uxsn.lb/mJjd9394DIJx5JS9a1NVhrpWDpXRtPGS78 /BfyShhOf1G0ft7mRHspXDZo6.ezyqpqIXHQ8Tl8ZJt0',
  }
}

You know another way? Or what would be the best way?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2015-10-15 08:44:11 -0500

vikas027 gravatar image

I recommend using hiera-eyaml for the same. It is simple and easy to use.

edit flag offensive delete link more
0

answered 2014-09-20 05:02:15 -0500

fuero gravatar image

The first approach looks odd, but I think they do it this way to hide the actual password from the puppet manifest/module.

With puppet 3.x, I'd use hiera and the automatic lookups for class parameters to get around storing site-specific information with modules. To be able to store the password encrpyted in a hiera file, have a look at hiera-gpg.

/etc/puppet/hiera.yaml

---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hiera
:hierarchy:
  - common

/etc/puppet/hiera/common.yaml

---
site::root_user::password: '$6$7pe0INu/$Uxsn.lb/mJjd9394DIJx5JS9a1NVhrpWDpXRtPGS78 /BfyShhOf1G0ft7mRHspXDZo6.ezyqpqIXHQ8Tl8ZJt0'

/etc/puppet/modules/site/manifests/root_user.pp

class site::root_user (
    $password = undef,
) {
    user { root:
        ensure => present,
        password => $password,
    }
}
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-09-02 19:19:29 -0500

Seen: 5,957 times

Last updated: Oct 15 '15