More puppet training!

Stephen John Smoogen smooge at gmail.com
Mon Sep 8 18:44:41 UTC 2008


On Mon, Sep 8, 2008 at 10:52 AM, Seth Vidal <skvidal at fedoraproject.org> wrote:
> On Mon, 2008-09-08 at 11:49 -0500, Mike McGrath wrote:
>> On Mon, 8 Sep 2008, Seth Vidal wrote:
>>
>> > On Mon, 2008-09-08 at 09:19 -0600, Stephen John Smoogen wrote:
>> > > On Mon, Sep 8, 2008 at 9:16 AM, Mike McGrath <mmcgrath at redhat.com> wrote:
>> > > > So I'm going to hold a couple more training seminars for Puppet in
>> > > > Fedora's Infrastructure.  I was hoping you guys could also throw some
>> > > > questions together so I make sure I don't miss anything.
>> > > >
>> > >
>> > > Are the old seminars up somewhere? My whole look at puppet is from
>> > > 30k. I know more about cfengine .. which has made me look at some of
>> > > the 'limitations' of puppet as 'huh?' versus purposeful design
>> > > decisions. Heck I don't even know how to make a root password across a
>> > > cluster :).
>> >
>> >
>> > don't feel bad, no one else does, either.
>> >
>> > Not without leaving the crypted password all over the logs.
>> >
>> > Well, to be fair, there's a way to do it, it's just hurky and feels
>> > silly.
>> >
>>
>> I was kind of irked about that too.  I'm going to file a ticket to make
>> sure this gets handled.  Really I guess it'd be nice to have a
>>
>> logDiff => false
>>
>> option where it'd at least let you know something happened but not what if
>> it was explicitly listed.  There's other uses for this besides just root
>> passwords.
>>
>
> The way I worked out to do it is a bit silly but you put the crypted
> password in a file somewhere in /etc or /root
>
> and you just have that file in config_files or private (or as a
> template) and then a cron job goes through and takes that value and sets
> it in /etc/shadow using lpasswd or chpasswd
>
> not pretty but it will keep the crypted pw from showing up in a log
> -sv
>

Ugh. Is there a way to integrate this with Augeas or something? Having
to assume you can protect a second file for root or having secure file
diffs logged sounds like a long term nightmare. However that's outside
of probably the class :).



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
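
The cron-driven workaround described in the quoted message, as an added example that is not part of the original thread or of Fedora Infrastructure's configuration. The hash file path, the `--apply` argument and the script name are assumptions; the script uses `chpasswd -e`, checks that the hash file is private before trusting it, and logs only that a change happened.

```shell
#!/bin/sh
# Added example, not from the thread. HASH_FILE's path is an assumption;
# the message only says "somewhere in /etc or /root".
HASH_FILE="${HASH_FILE:-/root/.root_pw_hash}"
SHADOW_FILE="${SHADOW_FILE:-/etc/shadow}"

# True only for a regular, non-symlink file with no group/other access.
hash_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the crypted password field for user $1 from shadow file $2.
current_hash() {
    awk -F: -v u="$1" '$1 == u { print $2 }' "$2"
}

# Feed "user:hash" to chpasswd on stdin so the hash never appears in argv.
apply_hash() {
    printf '%s:%s\n' "$1" "$2" | chpasswd -e
}

# Returns 0 = updated, 1 = already in sync, 2 = refused. Never prints the hash.
sync_hash() {
    hash_file_is_private "$HASH_FILE" ||
        { echo "refusing: $HASH_FILE is not a private regular file" >&2; return 2; }
    new=$(head -n 1 "$HASH_FILE")
    # Accept only crypt(3)-style strings, so a stray ':' or newline cannot
    # inject extra fields into the chpasswd input.
    printf '%s' "$new" | grep -Eq '^\$[A-Za-z0-9./$=,-]+$' ||
        { echo "refusing: $HASH_FILE does not hold a crypt hash" >&2; return 2; }
    [ "$(current_hash "$1" "$SHADOW_FILE")" = "$new" ] && return 1
    apply_hash "$1" "$new" || return 2
    echo "password hash for $1 updated" >&2   # the event, not the value
    return 0
}

# Run from root's crontab as: root-pw-sync.sh --apply
if [ "${1:-}" = "--apply" ]; then
    sync_hash root
    [ $? -le 1 ]; exit $?
fi
```

The hash file itself still has to be delivered without content diffs being logged, which is the gap the `logDiff => false` request in the thread is about.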
