Puppet patch pushed upstream!

January 23, 2012 by · Leave a Comment 

Thanks to everyone that helped. Especially Andrew, Tim, and Daniel.

The commit is here: https://github.com/puppetlabs/puppet/pull/338

Pushing the Puppet patch for FreeBSD password management upstream

December 13, 2011 by · 1 Comment 

I attended LISA in Boston last week and was able to talk to a few of the Puppet developers. This reminded me I needed to push this patch upstream.

I opened a ticket in the Puppet Bug tracker, 11318. Then I found out that someone by the nick of tdb had already incorporated our changes into another pull request that adds more functionality and some unit tests. So hopefully this will be committed soon and we can have this support upstream.

I just wanted to thank tdb for taking this work and running with it!

The Right Way(tm) to change password hashes on FreeBSD with Puppet

April 5, 2011 by · 3 Comments 

Describing what I really wanted to happen a coworker of mine, Andrew Hust, was able to help me write up the ruby to get it done. So without further delay:

http://freebsd.so14k.com/puppet/pw_managespasswords.diff

I will be sending this to the FreeBSD puppet port maintainer and submitting it as a patch to the port soon. I wanted to get it out there so we could get some feedback.

Update: See the new patch I posted in the comments.

Changing password hashes on FreeBSD with Puppet

February 17, 2011 by · 5 Comments 

I finally hacked together a Puppet recipe to update password hashes on FreeBSD!

Let me first say that I want to get native support for this to work like it should. According to this page: https://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Free_Bsd. FreeBSD is missing something in the shadow libraries. I have added a note to that comment requesting someone add more info, so that we can tackle that problem.

On to the solution..

I have a custom function called `setupuser’ to manage users/groups/homedirs. I inherited this function from a coworker, so I am not sure if it is the best or right way. It did happen to make tackling the problem easy. Here is the custom function:

define setupuser($realname, $username, $password, $uid, $gid, $groups = false, $shell, $homedir) {

        group { "$username":
                ensure => present,
                gid => $gid
        }

        user { "$username":
                require => Group[$username],
                ensure => present,
                password => $password,
                uid => $uid,
                gid => $gid,
                comment => "$realname",
                groups => $groups,
                home => "$homedir",
                shell => "$shell"
        }

        file { "$homedir":
                require => User[$username],
                ensure => directory,
                owner => $username,
                group => $username,
                mode => 0700
        }

        case $operatingsystem {
                freebsd: {
                        exec { "$username hash":
                                command => "echo '$password' | pw user mod $username -H 0",
                                unless => "grep -q '$username:$password:' /etc/master.passwd",
                                path => "/bin:/usr/sbin:/usr/bin",
                                require => User[$username],
                        }
                }
        }

}

For reference here is what a call to that function looks like:
(the hash has been modified of course)..

setupuser { "brd":
        realname => "Brad Davis",
        username => brd,
        password => '$1$fffffffffffffffffffffffffffffffffffff,
        uid => 2012,
        gid => 2012,
        groups => $admingroup,
        shell => $defaultshell,
        homedir => "/home/brd"
}