On Mon, 2008-09-08 at 11:49 -0500, Mike McGrath wrote:
On Mon, 8 Sep 2008, Seth Vidal wrote:
> On Mon, 2008-09-08 at 09:19 -0600, Stephen John Smoogen wrote:
> > On Mon, Sep 8, 2008 at 9:16 AM, Mike McGrath <mmcgrath(a)redhat.com>
wrote:
> > > So I'm going to hold a couple more training seminars for Puppet in
> > > Fedora's Infrastructure. I was hoping you guys could also throw some
> > > questions together so i make sure I don't miss anything.
> > >
> >
> > Are the old seminars up somewhere? My whole look at puppet is from
> > 30k. I know more about cfengine .. which has made me look at some of
> > the 'limitations' of puppet as 'huh?' versus purposeful design
> > decisions. Heck I don't even know how to make a root password across a
> > cluster :).
>
>
> don't feel bad, no one else does, either.
>
> Not without leaving the crypted password all over the logs.
>
> Well, to be fair, there's a way to do it, it's just hurky and feels
> silly.
>
I was kind of irked about that too. I'm going to file a ticket to make
sure this gets handled. Really I guess it'd be nice to have a
logDiff => false
option where it'd at least let you know something happened but not what if
it was explicitly listed. There's other uses for this besides just root
passwords.
The way I worked out to do it is a bit silly but you put the crypted
password in a file somewhere in /etc or /root
and you just have that file in config_files or private (or as a
template) and then a cron job goes through and takes that value and sets
it in /etc/shadow using lpasswd or chpasswd
not pretty but it will keep the crypted pw from showing up in a log
-sv