Puppet: Set the User's Password
A few months ago, I published a post about using Puppet to manage infrastructure. As my company grows, I'm finding it more important to ensure that all of my servers are managed in a sane manner. To me, this includes ensuring that if one of my servers ever goes down, or the data center it's in gets smashed by a meteor, I could theoretically be back up and running just by migrating to another data center.
At the end of that first post, I had created a couple of Linodes and installed Puppet on them. I had also created a user and group on the slave node. But...I couldn't login to the slave node as the user I'd created, because it didn't have a password!
Since I'm going to be updating my
user today, I'll include my original
user definition below.
Set the Password
It turns out that setting the password for a Puppet user isn't that hard.
openssl to create the hashed/salted password on a commandline:
Then take the output (the last line) and stick it in the
site.pp file on the master node. Thus, my
definition on my
puppetmaster now looks like this:
Note: since the hashed and salted password value contains
$ symbols, it's important to enclose the value in
single quotes, not double quotes. If you use double quotes, the Ruby system underlying Puppet will attempt
to interpolate the things following the dollar signs as variables...And your user's password won't work.
In order to update the user definition on the slave, run the puppet agent manually (because I turned off auto-updating last time):
I can now login to my
mike user using the password I entered on the
openssl commandline above:
(Note: for those of you following along at home, last time I installed
tcsh as my shell. In the interim, I've
changed that so that I'm now using
fish as my shell, which matches what I use on my Mac laptop. However,
as you can see, it's not configured very well yet.)
I had wanted to include setting up SSH keys in this post, but I'm out of time for this morning. Gotta run to work. I'll follow up soon (sooner than last time, I promise!) with how I accomplished that feat.