Sent from iCloud
Angela,Almost! From the looks of it, that’s an encrypted data bag, which you’ve stored on your Chef Server (unless you’re using Chef Solo, in which case this is different entirely).Assuming this is the `svc_goagent` item in the `users` data bag, here’s how I would do it:In Chef 12:plain_pass = data_bag_item('users', 'svc_goagent')['password']Chef 11 is a bit less nice:plain_pass = Chef::EncryptedDataBagItem.load('users', 'svr_goagent')['password']Then…encrypted_pass = `openssl passwd -l "#{plain_pass}"`user 'svc_goagent' dosupports :manage_home => truecomment 'Go agent user'uid 2333gid 2000home '/home/svc_goagent'shell '/bin/bash'password encrypted_passendMind, by the way, that the the flag for openssl passwd is a lowercase “L”, not the numeral 1.Take advantage of Chef’s own mechanisms as much as you can; lots of very smart folks have done lots of great work to make life easier for us.On March 4, 2015 at 9:05:33 AM, ANGELA EBIRIM ( " data-mce-href="mailto: "> ) wrote:
Hi Jeff,Thanks for the responses so far..Your reply is along the line of what I'm trying to do.so my code would be:-clever = '{"id": "svc_goagent","password": {"encrypted_data": "ro21vM1nle78CTBLSNyr40e2tM9VZiiSfbinDAvwZpKov3r9gokq6jStDeAH\nsyRs\n","iv": "PfWTKqKoc3OxO8WxTnW7Zg==\n","version": 1,"cipher": "aes-256-cbc"}}'parsed = JSON.parse(clever)x = parsed["password"]new_pass = %x(openssl passwd -1 "#{x}")user 'svc_goagent' dosupports :manage_home => truecomment 'Go agent user'uid 2333gid 2000home '/home/svc_goagent'shell '/bin/bash'password {"#{new_pass}"}endIs that correct?Sent from iCloud
On Mar 04, 2015, at 05:45 AM, Jeff Byrnes < > wrote:
Might even be able to have Ruby shell out to generate that:user 'foo' doaction :create…password { `openssl passwd -l 'plaintextpassword'` }endYou would want, I think, to not actually have the plain text password right there; I’d suggest perhaps using an encrypted data bag for the actual value there.Lastly though; why use passwords at all? Why not use SSH keys? Far simpler to manage…On March 4, 2015 at 8:27:33 AM, Fabien Delpierre ( " data-mce-href="mailto: "> ) wrote:
endpassword "$1$hLPHf35Y$.6m81pCpLfPHW/py5ee1Y."action :createuser "foo" doPut that in your code after password, like so:The correct method is to obtain the password's shadow hash and use that in your recipe.Hello,I've never seen this syntax so I'm not sure it's supported. It's definitely not in the docs for Chef's user resource at https://docs.chef.io/resource_user.html.$ openssl passwd -1 "plaintextpassword"That will return something like: $1$hLPHf35Y$.6m81pCpLfHrW/py5ee1Y.
...Hope this helps.FabienOn Wed, Mar 4, 2015 at 7:36 AM, ANGELA EBIRIM < " data-mce-href="mailto: "> > wrote:Hello everyone,I'd appreciate some assistance.I'm trying to create a user on a UNIX box with the following code:-user "svc_goagent" doaction :createcomment "go agent"uid 1234gid 2000home "home/svc_goagent"shell "/bin/bash"password "{"encrypted_data"=>"ro21vM1nle78CTBLSNyr40e2tM9VZiiSfbinDAvwZpKov3r9gokq6jStDeAH\nsyRs\n", "iv"=>"PfWTKqKoc3OxO8WxTnW7Zg==\n", "version"=>1, "cipher"=>"aes-256-cbc"}"supports :manage_home => trueendMy problem is when I put this into a recipe and then do a chef run, I get errors that prevent the user from being created. Can someone please tell me what is the code to pass an encrypted hash as a password for a new user?ThanksAngelaSent from iCloud
Archive powered by MHonArc 2.6.16.