Puppet fails to convert plist hash to binary after password changed on OS X agent

100 views
Skip to first unread message

david.s...@brehm.org

unread,
May 9, 2016, 2:12:53 PM5/9/16
to Puppet Users, Jonathan Cohen
I have latest version Puppet server installed on Ubuntu 14.04.2 LTS
I have latest version Puppet agent installed on Mac OS X Yosemite 10.10.4 node named w89101pb8qr.brehm.private
Have admin account on agent named brehmlocaladmin

On node ran $ sudo -i puppet resource user brehmlocaladmin and pasted the output into site.pp as follows:

node 'w89101pb8qr.brehm.private {

  user { 'brehmlocaladmin':

    ensure     => 'present',

    comment    => 'Information Technology',

    gid        => '20',

    groups     => ['_appserveradm', '_appserverusr', '_lpadmin', 'admin', 'com.apple.sharepoint.group.1'],

    home       => '/Users/brehmlocaladmin',

    iterations => '20040',

    password   => '4ee47df1eed0f8d6cef08c99703a02336b4d93e1389f94c32c2ab70ca47032d0d79cfc1c748731d7eb30263ee6e555bdad714a0d77e1525b4fb5758f92bd4eafd2238e2b53ab0a7b186a5a9c4a42b989b9074c0035586df101012404113df5f5f6af536189e6c1d65f65abe4e52627710007ad176bbdbb232e55c910e17c8023',

    salt       => '40414ddd63cae740b0bb2487b3d123d2b1d3b258d182c8ef4c423f4c339e60a5',

    shell      => '/bin/bash',

    uid        => '501',

  }

}


Changed the password on brehmlocaladmin.


Then on the node ran $ sudo -i puppet agent --test --debug > output.log 2>&1


Everything runs fine until it comes time to revert the password hash, salt, and iteration to the original values when I get the following:


Debug: Executing: '/usr/bin/dscl . read /Users/brehmlocaladmin'

Debug: Executing: '/usr/bin/dscacheutil -flushcache'

Debug: Converting binary plist to hash

Debug: Converting plist hash to binary

Error: "\xE4" followed by "}" on UTF-8

Error: /Stage[main]/Main/Node[w89101pb8qr.brehm.private]/User[brehmlocaladmin]/password: change from [old password hash redacted] to [new password hash redacted] failed: "\xE4" followed by "}" on UTF-8

Debug: Executing: '/usr/bin/dscacheutil -flushcache'

Debug: Converting binary plist to hash

Debug: Converting plist hash to binary

Error: "\xDD" followed by "c" on UTF-8

Error: /Stage[main]/Main/Node[w89101pb8qr.brehm.private]/User[brehmlocaladmin]/salt: change from 0022bfae6c699e6dd8691e6acc03165acfb214f7b6a952f54ec703544f66377d to 40414ddd63cae740b0bb2487b3d123d2b1d3b258d182c8ef4c423f4c339e60a5 failed: "\xDD" followed by "c" on UTF-8

Debug: Executing: '/usr/bin/dscacheutil -flushcache'

Debug: Converting binary plist to hash

Debug: Converting plist hash to binary

Error: "\xD1" followed by "\x01" on UTF-8

Error: /Stage[main]/Main/Node[w89101pb8qr.brehm.private]/User[brehmlocaladmin]/iterations: change from 20366 to 20040 failed: "\xD1" followed by "\x01" on UTF-8

Debug: Node[w89101pb8qr.brehm.private]: Resource is being skipped, unscheduling all events

Debug: Class[Main]: Resource is being skipped, unscheduling all events



This happens whether I'm using the open-source puppet-server or the Enterprise Puppet Server and whether the puppet-agent on OS X was installed from puppet-agent-1.4.2-1-osx10.10.dmg or whether the puppet-agent was installed and configured by Enterprise Puppet Server from a shell script.


Has anybody seen the likes of this before? Is it a bug in puppet or a configuration issue?


I have only been working with Puppet for a few weeks. One of our requirements is to be able to manage local admin accounts and set or reset the password from Puppet. This issue has become a bit of a show-stopper.


--David M. St. Pierre


This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this email by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. 

Brehm Preparatory School, Inc. | 950 S. Brehm Lane, Carbondale, IL 62901 | Phone: (618) 457-0371 | www.brehm.org

Rob Nelson

unread,
May 9, 2016, 4:07:42 PM5/9/16
to puppet...@googlegroups.com
Are you sure you don't have a weird character in the string? It wouldn't be very useable, but if you change password and salt to 'foo' and run in noop mode does it at least want to run?
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/218738bd-19af-41e1-9b1c-276d156d8625%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--

david.s...@brehm.org

unread,
May 9, 2016, 5:13:35 PM5/9/16
to Puppet Users
As it turns out, this is a known issue , Puppet ticket PUP-5159, with a fix currently being tested. I took the source code of the fix off github and applied it to my development installation. It did resolve this issue. So now its just a wait until the patch is released.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.


--

Reply all
Reply to author
Forward
0 new messages