how to change root password for all nodes


mahesh vijapure

Jul 9, 2014, 11:21:30 AM
to puppet...@googlegroups.com
I want to update the root password for all VMs registered with Puppet. Someone please assist me here.

mahesh vijapure

Jul 9, 2014, 11:53:23 AM
to puppet...@googlegroups.com
Please tell me any Puppet module that can automatically reset the root password when it is >60 days old, and store the new password in a central encrypted location.
Thanks in advance for all your valuable inputs.

Doug Forster

Jul 9, 2014, 12:36:15 PM
to puppet...@googlegroups.com
Mahesh,

While your setup may vary, I cannot think of an easy way to accomplish all your goals.
Goals:
 1 Change when 60 days old
 2 Each server gets a unique
 3 Passwords are encrypted in escrow

Something we do is set up a user definition with a shared root password hash stored in Hiera. We then rotate the password in Hiera, which gets pushed to all servers. This accomplishes goal 1 and possibly 2 if you create hashes for each server and stick them in Hiera. This is also not an automated process, as password hashes need to be generated and placed into Hiera.

Something else you may want to do is generate some random password in a script and save it to a GPG-encrypted file. You could then use an ssh_key and copy it to some storage server. I might do this with some exec.

# onlyif: the command runs only when the test exits 0, i.e. when root's password is old enough.
exec {'change_roots_password':
  onlyif  => 'command to see if roots password is old enough',
  command => 'command or script to change roots password to something random and save encrypted form of random data',
  notify  => Exec['send_roots_password'],
#  require => File['some_script_to_change_root_password'],
}
# refreshonly: runs only when notified by the exec above.
exec {'send_roots_password':
  refreshonly => true,
  command     => 'command to copy encrypted file to central server using an ssh_key.',
}

references to get you started:
http://docs.puppetlabs.com/references/latest/type.html#exec
http://docs.puppetlabs.com/references/latest/type.html#sshauthorizedkey
http://docs.puppetlabs.com/references/latest/type.html#file

Hope this helps,
Doug
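
An added example, not part of Doug's message: one way to write the age check and the change-and-encrypt step that the exec resources above leave as placeholders, as a shell helper with `check` and `rotate` subcommands. The escrow recipient, the output path and the function names are assumptions; copying the encrypted file to the central server is left to the second exec.

```shell
#!/bin/sh
# Added example. ESCROW_KEY and OUT are assumed values, not from the thread.
MAX_AGE_DAYS=60
ESCROW_KEY="escrow@example.com"      # assumed recipient; nodes hold only its public key
OUT="/root/root-pw.$(uname -n).gpg"  # assumed path of the encrypted escrow file

# Print the password age in days from a shadow(5)-format line.
# Field 3 is the date of the last change, in days since 1970-01-01.
shadow_age_days() {    # $1 = shadow line, $2 = today in days since epoch
    lastchg=$(printf '%s\n' "$1" | cut -d: -f3)
    case "$lastchg" in
        ''|*[!0-9]*) return 2 ;;     # empty or non-numeric: age unknown
    esac
    echo $(( $2 - lastchg ))
}

# Exit 0 when the password is older than MAX_AGE_DAYS, 1 when it is not,
# 2 when the age cannot be read (so an unreadable entry never triggers a change).
password_is_stale() {  # $1 = shadow line, $2 = today in days since epoch
    age=$(shadow_age_days "$1" "$2") || return 2
    [ "$age" -gt "$MAX_AGE_DAYS" ]
}

# Generate, escrow, then set. Encryption comes first, so the password is
# never changed unless an escrowed copy exists. Needs root, gpg and chpasswd.
rotate_root_password() {
    umask 077
    pw=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)
    printf '%s\n' "$pw" | gpg --batch --yes --trust-model always \
        --encrypt --recipient "$ESCROW_KEY" --output "$OUT" || return 1
    # printf is a shell builtin, so the password never appears in a process list.
    printf 'root:%s\n' "$pw" | chpasswd
}

case "${1:-}" in
    check)  password_is_stale "$(getent shadow root)" "$(( $(date +%s) / 86400 ))" ;;
    rotate) rotate_root_password ;;
esac
```

Only the escrow public key needs to be on each node, so a compromised VM cannot decrypt passwords escrowed by the others.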



Garrett Honeycutt

Jul 9, 2014, 1:55:55 PM
to puppet...@googlegroups.com
On 7/9/14, 11:21 AM, mahesh vijapure wrote:
> I want to update root password for all vms registered with Puppet.
> Please someone assist me here.
>

Hi Mahesh,

You can use my common[1] module. It is safe to include as it takes no
action unless enabled in Hiera. You can leverage Hiera to set the root
password the same for all systems, unique per system, by environment,
location, etc.


[1] - https://github.com/ghoneycutt/puppet-module-common

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

John Warburton

Jul 10, 2014, 12:06:17 AM
to puppet-users
On 10 July 2014 01:53, mahesh vijapure <maheshvi...@gmail.com> wrote:
> Please tell me any Puppet module that can automatically reset the root password when it is >60 days old, and store the new password in a central encrypted location.
> Thanks in advance for all your valuable inputs.
>> I want to update root password for all vms registered with Puppet. Please someone assist me here.


You are describing a product something like http://www.cyberark.com/product-detail/enterprise-password-vault

There may be open source alternatives that achieve the same, but it is not directly (or solely) a Puppet-solvable problem.

John

Dirk Heinrichs

Jul 10, 2014, 4:32:59 PM
to puppet...@googlegroups.com

On Wednesday, 09 July 2014, 08:21:30, mahesh vijapure wrote:

> I want to update root password for all vms registered with Puppet. Please
> someone assist me here.

Did you think about closing the root account in favour of using sudo for all admin tasks? That way, you only need to distribute a new /etc/sudoers file to your VMs.

Bye...

Dirk

--
Dirk Heinrichs, Senior Systems Engineer, Engineering Solutions
Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
Tel: +49 2226 1596666 (announcement) 1149
Email: d...@recommind.com
Skype: dirk.heinrichs.recommind
www.recommind.com
