puppet won't change user's password


Sergey Arlashin

Nov 26, 2013, 10:36:20 AM
to puppet...@googlegroups.com
Hi!

I'm trying to set password for a user.

I do the following:

user { "username":
password => '*',
}

And when I run puppet agent nothing happens. The password remains the same. But if I create a new user which doesn't exist yet, the password is set without any problems.

Is this a normal behaviour of 'user' type?

--
Best regards,
Sergey Arlashin

Felix Frank

Nov 27, 2013, 5:32:10 AM
to puppet...@googlegroups.com
Hi,

no, it's not. What version of puppet are you using?

To make sure there is nothing funny going on with your overall manifest
structure, can you try this as root on the agent machine:

puppet apply -e 'user { "username": password => "*" }'

For me, this yields

Notice: /User[username]/password: changed password
Notice: Finished catalog run in 0.53 seconds

This is puppet 3.3.1.

TIA,
Felix

Sergey Arlashin

Nov 27, 2013, 5:57:57 AM
to puppet...@googlegroups.com
# uname -a
Linux db-node2 3.2.0-55-generic #85-Ubuntu SMP Wed Oct 2 12:29:27 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/issue
Ubuntu 12.04.3 LTS \n \l

# puppet -V
3.3.2

# cat /etc/passwd |grep ^testuser
testuser:x:1002:1002::/home/testuser:/bin/sh

# cat /etc/shadow |grep ^testuser
testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:99999:7:::

# puppet apply -e 'user { "testuser": password => "*" }'
Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds
Notice: Finished catalog run in 0.08 seconds

# cat /etc/shadow |grep ^testuser
testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:99999:7:::


--
Best regards,
Sergey Arlashin



Felix Frank

Nov 27, 2013, 6:00:19 AM
to puppet...@googlegroups.com
Ugh. So, does it work with other values (e.g., actual password hashes)?

Sergey Arlashin

Nov 27, 2013, 6:02:18 AM
to puppet...@googlegroups.com
# puppet apply -e 'user { "testuser": password => "$6$MhRLkUTo$9RhLb3AfsO4HSxeHdLOLCPBj7LRH6vGOx1zPcvpfVRGOuJPczjEyaYoS3SyQ6MESctWarz2VDhD4ZT9wHe61v/" }'
Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds
Notice: Finished catalog run in 0.06 seconds

Best regards,
Sergey Arlashin

Felix Frank

Nov 27, 2013, 6:05:02 AM
to puppet...@googlegroups.com
Hi,

no good then.

Please run again with an added -dv switch to puppet apply, and share the
debug output.

Thanks in advance.

Sergey Arlashin

Nov 27, 2013, 6:12:09 AM
to puppet...@googlegroups.com
Seems to be a useradd issue.

Debug: /User[testuser]: Provider useradd does not support features manages_passwords; not managing attribute password

http://docs.puppetlabs.com/references/latest/type.html#user-provider-useradd:

"useradd
User management via useradd and its ilk. Note that you will need to install Ruby’s shadow password library (often known as ruby-libshadow) if you wish to manage user passwords."

So I installed libshadow and everything's working now!

# puppet apply -e 'user { "testuser": password => "*" }'
Notice: Compiled catalog for db-node2.site in environment production in 0.08 seconds
Notice: /User[testuser]/password: changed password
Notice: Finished catalog run in 0.13 seconds

Thank you!

--
Best regards,
Sergey Arlashin
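
Added example (not part of the original thread and not Puppet's own code): a Ruby script that scans `puppet apply -dv` output for the "not managing attribute" debug line quoted above, so a run that finishes cleanly without applying `password` gets flagged, and that checks whether Ruby's `shadow` library loads. The sample output is constructed around the thread's debug line; `skipped_attributes` and `libshadow_loadable?` are hypothetical names.

```ruby
# Added example: flag attributes Puppet skipped for lack of a provider feature.

# Shape of the debug line quoted in the thread. Free-spacing (x) mode is used,
# so literal whitespace is written as \s+.
SKIPPED = %r{
  \ADebug:\s+/(?<resource>.+?\[.+?\]):\s+
  Provider\s+(?<provider>\S+)\s+does\s+not\s+support\s+features\s+
  (?<features>[^;]+);\s+not\s+managing\s+attribute\s+(?<attribute>\S+)
}x

# Constructed sample: the second line is the one from the thread, the first
# is made up, the Notice lines mirror the "successful" run shown earlier.
SAMPLE = <<~LOG
  Debug: Loaded state in 0.00 seconds
  Debug: /User[testuser]: Provider useradd does not support features manages_passwords; not managing attribute password
  Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds
  Notice: Finished catalog run in 0.08 seconds
LOG

# Returns one hash per attribute that was silently left unmanaged.
def skipped_attributes(debug_output)
  debug_output.each_line.map do |line|
    m = SKIPPED.match(line.strip)
    next unless m
    { resource: m[:resource], provider: m[:provider],
      features: m[:features].strip, attribute: m[:attribute] }
  end.compact
end

# True when the shadow library (ruby-libshadow) can be loaded by this Ruby.
# Run it with the same Ruby interpreter that Puppet uses.
def libshadow_loadable?
  require 'shadow'
  true
rescue LoadError
  false
end

if __FILE__ == $PROGRAM_NAME
  skipped_attributes(SAMPLE).each do |s|
    puts "#{s[:resource]}: '#{s[:attribute]}' not managed " \
         "(provider #{s[:provider]} lacks #{s[:features]})"
  end
  puts "shadow library loadable: #{libshadow_loadable?}"
end
```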

Felix Frank

Nov 27, 2013, 6:16:57 AM
to puppet...@googlegroups.com
Way to go!

Felix Frank

Nov 27, 2013, 6:58:33 AM
to Puppet Users
Hi Dan,

I hope this was indeed intended for the list, seeing as I just received
two messages from you to me directly. Something wonky on your end?

As for the issue below - in the OP's case, *no* run ever led to a
change of passwords.

Cheers,
Felix

On 11/27/2013 12:46 PM, yg...@comcast.net wrote:
> Why do you expect a password change on the second run ?
>
> From my observations, the parameter value has not changed between runs, so there is nothing to change.

Dan White

Nov 27, 2013, 7:43:47 AM
to puppet...@googlegroups.com
Just my attention-to-detail before sufficient coffee :P

I see down the thread that this was fixed.

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Watterson (Calvin & Hobbes)

