I am using the user resource to create Unix accounts and then set a default password. For this I have written the following manifest.

    node 'node2.example.com', 'node3.example.com' {
      user { 'askar':
        ensure           => 'present',
        managehome       => 'true',
        comment          => 'man Home',
        shell            => '/bin/bash',
        expiry           => '2016-03-22',
        password         => '$1$cs1j/t.D$4Q2Ocr0pulyNTUx/',
        password_min_age => '30',
        password_max_age => '60',
      }
    }

It works fine, but I want the user to be forced to change his password at next login. For this I extended the rule with an exec resource to run the command `chage -d 0 askar`, so that the user is forced to change the password:

      exec { 'chage':
        command => 'chage -d 0 askar',
      }
    }

But this is not working for me. Can you please suggest how I can force a user to change his password at next login?

## Comments

Does puppet throw an error? Does it say it's running it but you see no change on the system? Just saying "this is not working" doesn't give us any info on why.

(2016-03-17 13:27:45 -0600)

## 2 Answers

This isn't going to work for a few reasons, not all of which I will go into. The main problem is, if you declare a password for the user 'askar', and then expect that user to manually change it as a result of the Exec you have declared, Puppet will change it back again on its next run to whatever you have in `password => '$1$cs1j/t.D$4Q2Ocr0pulyNTUx/'`.

You could perhaps have the user generate an encrypted password by following a procedure like this.

However, I think this is the wrong approach. I do not consider a user's password to be "configuration"; rather it is server "data", and since Puppet is a configuration management tool, a user's password does not belong in Puppet.

If you're not using or planning to use LDAP to manage your users, I would personally use Mcollective, or even an Ansible playbook, outside of Puppet, to set the initial passwords and run chage.


Setting the path variable just before command under the exec section did the work for me: `path => '/usr/bin/',`

(2016-03-26 22:20:32 -0600)

(2016-03-28 05:21:12 -0600)

You should note carefully what I have said in my answer, because although path may have made the code appear to work, it still won't really work for all the reasons I mentioned, and other reasons I didn't mention. As for Mcollective, best thing is to play with it, ask questions if you're stuck.

(2016-03-28 05:40:33 -0600)

    user { 'pankaj':
      ensure           => 'present',
      comment          => 'Ops Users',
      password_max_age => '99999',
      password_min_age => '0',
      shell            => '/bin/bash',
    }

    # Set the initial password by piping user:password to chpasswd
    exec { 'echo "pankaj:password1" | /usr/sbin/chpasswd':
      path => '/usr/bin',
    }

    # Expire the password so it must be changed at next login
    exec { 'chage -d 0 pankaj':
      path => '/usr/bin',
    }

Use above OR below:

    user { 'pankaj':
      ensure           => 'present',
      comment          => 'Ops Users',
      password_max_age => '99999',
      password_min_age => '0',
      shell            => '/bin/bash',
    }

    exec { 'echo "pankaj:password1" | /usr/sbin/chpasswd':
      path => '/usr/bin',
    }

    exec { 'chage -d 0 pankaj':
      path => '/usr/bin',
    }

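One way to force the change at next login without Puppet reverting the password on later runs, as an added example that is not from the thread: leave `password` out of the `user` resource and apply the initial hash and `chage -d 0` only when the account is created. The hash is a placeholder, the exec titles are made up for illustration, and the binary locations in `path` are assumptions.

```puppet
# Added example, not code from the thread. 'askar' is the account from the
# question; the hash is a placeholder for a SHA-512 crypt hash generated off
# the node; the exec titles are illustrative.
$user         = 'askar'
$initial_hash = '<PLACEHOLDER-SHA512-CRYPT-HASH>'

# No password attribute: Puppet creates the account but never reverts a
# password the user has changed (the problem the first answer describes).
user { $user:
  ensure           => 'present',
  managehome       => true,
  shell            => '/bin/bash',
  password_min_age => '30',
  password_max_age => '60',
}

# refreshonly + subscribe: runs when Puppet changes the user resource
# (normally its creation), not on every agent run. chpasswd -e takes an
# already-hashed password, so no plaintext is stored in the manifest.
exec { "initial-password-${user}":
  command     => "echo '${user}:${initial_hash}' | chpasswd -e",
  provider    => 'shell',
  path        => ['/usr/sbin', '/usr/bin', '/bin'],
  refreshonly => true,
  subscribe   => User[$user],
}

# chage -d 0 marks the password as expired, forcing a change at next login.
# Chained to the exec above so it runs once, after the initial hash is set.
exec { "expire-password-${user}":
  command     => "chage -d 0 ${user}",
  path        => ['/usr/sbin', '/usr/bin', '/bin'],
  refreshonly => true,
  subscribe   => Exec["initial-password-${user}"],
}
```

Any later change Puppet makes to the `user` resource also triggers the refresh, so add an `unless` guard or a marker file if its attributes are expected to change. The hash still travels in the compiled catalog, so treat the manifest and reports as sensitive.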