Ask Your Question

How can I best manage root passwords for many servers?

asked 2014-09-02 19:19:29 -0500

Cesar Sturion gravatar image


I'm looking for some ways to manage root password for many servers with puppet. I saw any ways to do this, but I want a help with yours opinion.

I found this:

class update_pw{
           ensure => present,
           password => generate("/opt/"),

On the server /opt/ would look like this:
openssl passwd -crypt $passwd


class site::root_user {
  # This will enforce the root password of "puppet"
  user { root:
    ensure => present,
    password => '$6$7pe0INu/$ /BfyShhOf1G0ft7mRHspXDZo6.ezyqpqIXHQ8Tl8ZJt0',

You know another way? Or what would be the best way?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2015-10-15 08:44:11 -0500

vikas027 gravatar image

I recommend using hiera-eyaml for the same. It is simple and easy to use.

edit flag offensive delete link more

answered 2014-09-20 05:02:15 -0500

fuero gravatar image

The first approach looks odd, but I think they do it this way to hide the actual password from the puppet manifest/module.

With puppet 3.x, I'd use hiera and the automatic lookups for class parameters to get around storing site-specific information with modules. To be able to store the password encrpyted in a hiera file, have a look at hiera-gpg.


  - yaml
  :datadir: /etc/puppet/hiera
  - common


site::root_user::password: '$6$7pe0INu/$ /BfyShhOf1G0ft7mRHspXDZo6.ezyqpqIXHQ8Tl8ZJt0'


class site::root_user (
    $password = undef,
) {
    user { root:
        ensure => present,
        password => $password,
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-09-02 19:19:29 -0500

Seen: 7,667 times

Last updated: Oct 15 '15