1

I'm using vagrant+puppet to provision a precise32 VirtualBox server to add users programatically. I've got everything working but I can't seem to set the password automatically by puppet. Here's my puppet script:

package { "ruby-shadow":
  name => "libshadow-ruby1.8",
  ensure => installed,
}
user { 'biff':
  home       => '/home/biff',
  shell      => '/bin/bash',
  uid        => 201,
  managehome => 'true',
  password   => '$6$kxHLEuHW$zHRAZcVLu0XzukqU79bT.PEg./FfcloJiWmlH2rf.Lmnyke7uAaHkQTXvErqikWeraSiHFBwDSMDV4hRImqjr7.',
  groups     => ['sudo', ],
  requires   => Package['ruby-shadow'],
}

To get the hash $6$kx..., I logged into the virtual machine, ran sudo passwd biff to set the password with the system, and then copied the hashed password (second field in /etc/shadow) into the puppet script above. After removing the user to reset the password and rerunning the puppet script, the password isn't set and I can't login at all:

[precise32]$ sudo grep biff /etc/shadow
biff:!:15862:0:99999:7:::

In fact, it looks like the user biff has been locked out of the system (/etc/shadow explanation). Do I have the correct hash set as the password variable? How do you figure out what that is?

It looks like one approach might be to run usermod after the fact to set the password, but that seems to be against the entire point of using puppet in the first place. Any ideas?

Community
  • 1
dino
  • 121
  • 3
  • anyone care to comment what the down-vote was for? – dino Jun 10 '13 at 16:08
  • 1
    working this exact issue now...if you were able to solve it i'd love to hear how... – peelman Jun 12 '13 at 19:24
  • I was never able to figure out how to set the `password` argument as above, but I was able to get it to work using the `usermod` trick [see last link at the end]. If you get it to work, please post your answer; I'm stumped! – dino Jun 13 '13 at 13:49
  • Mine ended up being an issue with the test box i was using; the lib crypt library wasn't installed correctly. I downloaded a different vagrant box and it worked beautifully. – peelman Jun 13 '13 at 20:09
  • care to post your solution? I thought I installed lib crypt but perhaps I'm mistaken. Thanks! – dino Jun 13 '13 at 23:03
  • I did already. I used `vagrant box add "new box name" http://boxurl.com` and pulled a new box. You can find a whole bunch of them at http://www.vagrantbox.es. – peelman Jun 14 '13 at 12:52

2 Answers2

0

The vagrant box you're using may be using ruby libraries in /opt/vagrant_ruby/lib/1.8/ and not using any system-installed ruby libraries. Check if your vagrant box has a file at /etc/profile.d/vagrant_ruby.sh. If it does, that's what's overriding which puppet command to use, which then determines which ruby libraries to use. Try removing that file ;) If things still work (after installing puppet and libshadow-ruby to the system), repackage the box with vagrant package and re-use that as your precise32 box.

I'm sure there were many good reasons to usr /opt/vagrant_ruby, but it's missing a pretty important library and makes it a little confusing when using other tools inside the box which pull in ruby libraries.

addumb
  • 1
  • 1
0

Puppet will fail to set the password unless the libshadow gem is present, as this is required to work with shadow passwords. IIRC there is an error message about the provider. libshadow requires mkmf.rb to be installed, which can be found in the packages libruby2.0, ruby1.9.1-dev or ruby1.8-dev (depending on your ruby version)

I have this in my manifest: package { "ruby1.9.1-dev": ensure => installed; "libshadow": ensure => installed, require => Package['ruby1.9.1-dev'], provider => gem; }

FuePi
  • 101
  • 1