- From: Kapil Shardha <
>
- To: "
" <
>
- Subject: [chef] RE: Re: RE: Re: RE: Re: Chef User resource Password attribute
- Date: Mon, 31 Mar 2014 19:15:30 +0000
- Accept-language: en-US
Thanks Daniel!
-Kapil
-----Original Message-----
From: Daniel DeLeo
[mailto:
On Behalf Of Daniel DeLeo
Sent: Monday, March 31, 2014 2:23 PM
To:
Subject: [chef] Re: RE: Re: RE: Re: Chef User resource Password attribute
The simplest thing is to just not use the ruby_block if you don’t need it.
You only need to use ruby_block to force code to execute at converge time,
which shouldn’t be required if you are just fetching data bag items. In the
examples
http://docs.opscode.com/dsl_recipe_method_data_bag.html#examples the
data bag code is at the top level of the recipe so it gets executed at
compile time, which is normally what you want.
--
Daniel DeLeo
On Monday, March 31, 2014 at 11:14 AM, Kapil Shardha wrote:
>
Thanks Daniel! My goal is to use password that I have set in the encrypted
>
data bag. Is there a way around it to achieve this goal?
>
>
-Kapil
>
>
>
>
-----Original Message-----
>
From: Daniel DeLeo
>
[mailto:
>
On Behalf Of Daniel
>
DeLeo
>
Sent: Monday, March 31, 2014 2:09 PM
>
To:
>
>
>
(mailto:
)
>
Subject: [chef] Re: RE: Re: Chef User resource Password attribute
>
>
This is a compile time/converge time issue. The value of `password
>
"#{node['temp_pass']}”` is set when the recipes are compiled, and then your
>
ruby block is setting/changing the value of `node['temp_pass’]` after that,
>
which will have no effect.
>
>
--
>
Daniel DeLeo
>
>
>
On Monday, March 31, 2014 at 11:05 AM, Kapil Shardha wrote:
>
>
> Kenneth,
>
>
>
> I am setting the attribute in the same recipe but in an earlier
>
> ruby_block. The printLocalAdminPass ruby_block prints the right password :
>
>
>
> ruby_block "getLocalAdminPass" do
>
> block do
>
> secret = Chef::EncryptedDataBagItem.load_secret(secret_file_path)
>
> app_local_admin_pass =
>
> Chef::EncryptedDataBagItem.load(node['databag_name'],
>
> "app_local_admin_pass", secret) node.default['temp_app_pass'] =
>
> app_local_admin_pass["pass"] end end
>
>
>
> ruby_block "printLocalAdminPass" do
>
> block do
>
> pass = node['temp_app_pass']
>
> puts "------> Local Admin password is : " + pass
>
>
>
> end
>
> end
>
>
>
>
>
> When I manually (in GUI) try to create a user with the same password
>
> (“Password#1”) that is set in the above ruby_block, it works fine. I
>
> tried removing quotes around it but it does not work.
>
>
>
>
>
> Thanks
>
>
>
> -Kapil
>
>
>
>
>
>
>
> From: Kenneth Barry
>
> [mailto:
>
> Sent: Monday, March 31, 2014 1:58 PM
>
> To:
>
>
>
>
>
> (mailto:
)
>
> Subject: [chef] Re: Chef User resource Password attribute
>
>
>
> This might seem like a stupid question, but
>
> 1) are you setting that attribute some toher palce?
>
>
>
> 2) are you trying to set it to a password which would meet the password
>
> requirements as the warning would give reason to believe it is not?
>
>
>
> 3) Have you trying doing things just as you have them now but removing
>
> the quotes around the password attribute call?
>
>
>
>
>
> On Mon, Mar 31, 2014 at 10:39 AM, Kapil Shardha
>
> <
>
>
>
> (mailto:
)>
>
> wrote:
>
> > I am trying to use Chef User resource to create a user on Windows
>
> > platform. The password attribute is set like following:
>
> >
>
> > user "TestUser" do
>
> > password "#{node['temp_pass']}"
>
> > action :create
>
> > end
>
> >
>
> > where the ‘node[temp_pass]’ attribute is being set in a prior
>
> > ruby_block resource. I get following error :
>
> >
>
> > Compiled Resource:
>
> > ------------------
>
> > # Declared in
>
> > c:/chef/cache/cookbooks/UserCookbook/recipes/user_creation.rb:86:
>
> > in `from_file'
>
> >
>
> > user("TestUser") do
>
> > action [:create]
>
> > supports {:manage_home=>false, :non_unique=>false} retries 0
>
> > retry_delay 2 username "TestUser"
>
> > cookbook_name " UserCookbook"
>
> > recipe_name " user_creation"
>
> >
>
> > “ArgumentError: The password does not meet the password policy
>
> > requirements.Check the minimum password length, password complexity and
>
> > password history requirements”.
>
> >
>
> > I think the node attribute is not being resolved within the user
>
> > resource. I wanted to confirm if the password attribute can be set to
>
> > accept password string from a node attribute. Any idea?
>
> >
>
> > Thanks
>
> >
>
> > -Kapil
>
> >
>
> >
>
> >
>
> >
>
> > This email and any accompanying documents may contain privileged or
>
> > otherwise confidential information of, and/or is the property of
>
> > Education Management Solutions, Inc. If you are not the intended
>
> > recipient, please immediately advise the sender by reply email & delete
>
> > the message & any attachments without using, copying or disclosing the
>
> > contents. Thank you.
>
>
>
>
>
>
>
>
>
>
>
> This email and any accompanying documents may contain privileged or
>
> otherwise confidential information of, and/or is the property of
>
> Education Management Solutions, Inc. If you are not the intended
>
> recipient, please immediately advise the sender by reply email & delete
>
> the message & any attachments without using, copying or disclosing the
>
> contents. Thank you.
>
>
>
>
________________________________
>
>
This email and any accompanying documents may contain privileged or
>
otherwise confidential information of, and/or is the property of Education
>
Management Solutions, Inc. If you are not the intended recipient, please
>
immediately advise the sender by reply email & delete the message & any
>
attachments without using, copying or disclosing the contents. Thank you.
________________________________
This email and any accompanying documents may contain privileged or otherwise
confidential information of, and/or is the property of Education Management
Solutions, Inc. If you are not the intended recipient, please immediately
advise the sender by reply email & delete the message & any attachments
without using, copying or disclosing the contents. Thank you.
Archive powered by MHonArc 2.6.16.