Ask Your Question
0

Configure passwords

asked 2013-12-02 07:58:17 -0500

Quindoo gravatar image

Hi,

I was wondering how passwords in Puppet manifests and/or modules can be distributed onto client nodes on a safe way. Therefor I would like to know how to securely encrypt the passwords in the manifests/modules and what are the best practices for doing this. I've read something about hiera-gpg but it's still a bit confusing.

Thanks in advance,

Quindoo

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
2

answered 2013-12-02 11:18:32 -0500

spuder gravatar image

updated 2013-12-03 10:37:37 -0500

Take a look at the following blog post on using puppet to manage users and passwords.

In all practicality you should avoid using puppet to manage users, and instead use LDAP.

Update

If you must use puppet, the simple answer would be to just provide the hash in the puppet manifest.

user { 'root':
  ensure           => 'present',
  password         => '$6$qfPDlAej83p$cj2nc1NjbKjhL42Mo/3Uia4NqD4dIB3ouVeI/tSG92UqH5cMKOA/ihjmxAuRtKHzGED0EHmdM0iNxa/662NW//',
}

Make sure to use single quotes around the hash.

You could alternatively use the encryption function to keep your manifests user readable, but still provide the hash to the client.

user { 'root':
  ensure           => 'present',
  password         => sha1('foobar ...
(more)
edit flag offensive delete link more
0

answered 2013-12-03 02:09:13 -0500

Quindoo gravatar image

So I understand that managing users is better while using LDAP. But if I do want or need to manage something encrypted, like a password, I should manually encrypt/hash it and paste the hash in the Puppet manifest? Or is there an easier or better way for doing this.

Btw, the blog post method of managing users through Puppet seems quite easy to understand, but even that page tells to paste the hash of the password.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2013-12-02 07:58:17 -0500

Seen: 635 times

Last updated: Dec 03 '13