In this post we will learn how to set a user's password on clients via Puppet. This seems to be an easy task, but believe me, it's not.
Before we start setting up the password for a user, let's look at some of the important files in /etc/puppet on the master server: auth.conf, fileserver.conf and puppet.conf.
We will first discuss how to share/transfer a file to a client via Puppet.
We will put all the files to share in the /etc/puppet/files directory; if the directory does not exist, we need to create it. The directory does not have to have this name, but we stick with it.
Edit file /etc/puppet/fileserver.conf
Add the lines below at the end. You can also search for the MOUNT POINTS section and uncomment it, but it is wise to add them at the end of the file.

    [files]
      path /etc/puppet/files
      allow *

Edit file /etc/puppet/auth.conf
Add the lines below underneath the "path /file" section and not above it, as placing them above it can enforce extra security and would be hard for you to debug.

    path ~ ^/file_(metadata|content)/files/
    auth yes
    allow /^(.+\.)?puppet\.com$/
    allow_ip 192.168.1.0/24

In our case 192.168.1.0/24 is the private range and puppet.com is the domain; set these according to your environment.
Edit file /etc/puppet/puppet.conf
In the [main] section add the following parameter:

    pluginsync = true

After making all the necessary changes, restart the puppet master service.
On master server : CentOS

    /etc/init.d/puppetmaster restart

Let's move on to setting the password in the /etc/shadow file. We tried a lot of methods to set the password, but the method that eventually worked is described below.
First, we will create a shell script and place it in the files folder in /etc/puppet.
This script queries the second field of the user's entry in /etc/shadow: if it is "!", the password gets set; otherwise the change-password command, i.e. chpasswd, is not executed.
Create and edit file /etc/puppet/files/shadow.sh
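
    #!/bin/bash
    # Exit 0 if user $1 has "!" (no password set) in field 2 of /etc/shadow, else exit 1.
    # The username is compared against field 1 exactly, so "demo" does not match "demo2".
    rc=$(awk -F":" -v user="$1" '($1 == user && $2 == "!")' /etc/shadow | wc -l)
    if [ "$rc" -eq 0 ]
    then
        exit 1
    else
        exit 0
    fi
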
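How the guard matches the username decides which account gets its password reset. The following is an added example, not code from the original post: it compares a substring grep with an exact match on field 1 of a shadow-format file. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format (not real accounts or hashes).
make_sample_shadow() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
demo:$6$constructedsalt$constructedhash:19000:0:99999:7:::
demo2:!:19000:0:99999:7:::
EOF
    printf '%s\n' "$f"
}

# Substring check: any line that merely contains the name is considered.
# usage: loose_check USER FILE  -> status 0 means "password would be set"
loose_check() {
    rc=$(grep "$1" "$2" | awk -F: '($2 == "!")' | wc -l)
    [ $((rc)) -gt 0 ]
}

# Exact check: field 1 must equal the username and field 2 must be "!".
# A user missing from the file yields status 1, so nothing is set.
exact_check() {
    awk -F: -v user="$1" \
        '$1 == user && $2 == "!" { found = 1 } END { exit !found }' "$2"
}

# Show the decision each check makes for three account names.
shadow=$(make_sample_shadow)
for u in demo demo2 nobody; do
    loose_check "$u" "$shadow" && l=set || l=skip
    exact_check "$u" "$shadow" && e=set || e=skip
    printf '%-7s substring=%s exact=%s\n' "$u" "$l" "$e"
done
rm -f "$shadow"
```

With the substring check, "demo" is reported as needing a password because the "demo2" line matches, so an account that already has a password would be reset on every run until "demo2" gets one.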
Edit file /etc/puppet/modules/accounts/init.pp
In this file we add a file resource and an exec resource under the accounts class. The file resource transfers the script created in the step above to the client, and the exec resource runs chpasswd on the client with the username and password. To avoid the password in shadow being overwritten every time the client synchronizes, an onlyif attribute is set: using the script above and the user name, it checks the second field for "!", and if the result is anything else, chpasswd is not executed.
Also remember that the client must have a templates directory. In our case Ubuntu has it by default, so we transferred the file to that location. The location can be anything you like, but be sure to point to the right location in the file resource and to use the same one in the exec resource.

    class accounts {
      file { '/etc/puppet/templates/shadow.sh':
        ensure  => file,
        recurse => true,
        # Executable but not world-writable: the exec below runs this script as root.
        mode    => '0755',
        source  => 'puppet:///files/shadow.sh',
      }

      @accounts::system { 'demo':
        comment => 'demo users',
      }

      # Note: the password is in clear text in the manifest and on the command line.
      exec { 'demo':
        command  => 'echo "demo:password@123" | chpasswd',
        provider => 'shell',
        onlyif   => '/etc/puppet/templates/shadow.sh demo',
        # The guard script must be in place before onlyif can call it.
        require  => File['/etc/puppet/templates/shadow.sh'],
      }
    }

Edit file /etc/puppet/manifests/nodes/client2.pp

    node 'client2.puppet.com' {
      include accounts
      realize (Accounts::System['demo'])
    }

Apply the changes on the master for them to take effect.
On master server : CentOS

    papply
    Notice: Compiled catalog for server.puppet.com in environment production in 0.16 seconds
    Notice: Finished catalog run in 0.11 seconds

Let's move on to the client to fetch the changes.
On client server : Ubuntu

    pagent
    Info: Retrieving plugin
    Info: Caching catalog for client2.puppet.com
    Info: Applying configuration version '1392108081'
    Notice: /Stage[main]/Accounts/Accounts::System[demo]/User[demo]/ensure: created
    Notice: /Stage[main]/Accounts/Exec[demo]/returns: executed successfully
    Notice: Finished catalog run in 3.05 seconds