How to pass hash password from ruby-block to user resource

Question

I am trying to implement a cookbook which would create users by reading passwords from attributes file ( non hash password ex: root@123)

And for this, my cookbook is as follows :

Contents of attributes file ( attributes/attr.rb )

default['my']['instance']['users'] = [
  {uid: 1004,user_name:'m1',homedir:'/home/m1',password:'root@111'}
  {uid: 1003,user_name:'m2',homedir:'/home/m2',password:'root@222'},
  {uid: 1002, user_name:'m3',homedir:'/home/m3',password:'root@333'}
]

Recipe :

password_hash=''
node['my']['instance']['users'].each do |each_user|
    ruby_block "Generating hash password" do
        block do
            require 'digest/sha2'
            password=each_user['password']
            salt=rand(36**8).to_s(36)
            shadow_hash=password.crypt("$6$" + salt)
            password_hash=shadow_hash
        end
    end

    user each_user['user_name'] do
        password "#{password_hash}"
        home each_user['homedir']
        system true
        action :create
        manage_home true
        uid each_user['uid']
    end
end

After execution of the cookbook, respective users are created appropriately but passwords are set blank.

Looks like the variable which I am trying to access in the password attribute of user resource is not correct.

Please let me how can I resolve this.

Note: In my case, I don't want to use databags.

score 1 · Answer 1 · answered Sep 30 '14 at 19:30

1

You don't need to put that code in a ruby_block, just have it in the normal loop and you'll be fine.

answered Sep 30 '14 at 19:30

coderanger

52,400
4
52
75

score 0 · Answer 2 · answered Sep 30 '14 at 23:11

I think using ruby_bloque is a good practice . you just have to inform the provider change the variable . eg

password_hash=''
node['my']['instance']['users'].each do |each_user|
    ruby_block "Generating hash password" do
        block do
            require 'digest/sha2'
            password=each_user['password']
            salt=rand(36**8).to_s(36)
            shadow_hash=password.crypt("$6$" + salt)
            password_hash=shadow_hash
            user_resource = resources("user[#{each_user['user_name']}]")
            user_resource.password password_hash
        end
    end

    user each_user['user_name'] do
        password "#{password_hash}"
        home each_user['homedir']
        system true
        action :create
        manage_home true
        uid each_user['uid']
    end
end

sorry for my english. Best regards.

I may be missing something, but I'm pretty sure each user will end up with the same password as the ruby_block is named the same on each iteration. Naming it `Generating hash password for #{each_user['user_name']}` should do the trick. — Tensibai, Oct 03 '14 at 16:23
The only resource that should not repeat name, is the resource user, so that the code works. But if we make the change you suggest we avoid the warn (CHEF-3694). I test the code with test-kitchen Best Regards — Psyreactor, Oct 03 '14 at 17:02

score 0 · Answer 3 · answered Oct 01 '14 at 18:31

0

The password_hash variable is local scope to your ruby block, and thus not accessible in the user block. You can actually move all that ruby for creating the hash directly into the use block.

answered Oct 01 '14 at 18:31

Tejay Cardon

4,193
2
16
31

These lines send the hash_password variable, to resource user `user_resource = resources("user[#{each_user['user_name']}]") user_resource.password password_hash` – Psyreactor Oct 03 '14 at 17:06

How to pass hash password from ruby-block to user resource

3 Answers3