问题
I'm new to chef. Kindly help! I have tried this
user "newuser" do
password: xyz
end
and
user 'newuser' do
comment 'A random user'
uid '1234567'
gid '1234567'
home '/home/saxuser'
shell '/bin/bash'
password 'newpassword'
end
回答1:
The correct format for the user resource is the following:
user "newuser" do
password crypt_password
end
Keep in mind that the password must be in shadow format:
The password shadow hash. This property requires that ruby-shadow be installed. This is part of the Debian package: libshadow-ruby1.8.
See the Password Shadow Hash section to see how to generate the shadow password:
$ openssl passwd -1 "theplaintextpassword"
To generate the shadow password from the cookbook, you can use the openssl cookbook helpers to generate the salt:
Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)
password = 'xyz'
salt = random_password(length: 10)
crypt_password = password.crypt("$6$#{salt}")
user 'newuser' do
password crypt_password
end
Don't forget to include the openssl cookbook in your run list.
Anyway, keep in mind that this will generate a different salt in each chef run, so maybe it's not the best approach to use.
I also encourage you to read Noah's post about secrets management to learn appropriate ways to manage passwords with Chef.
来源:https://stackoverflow.com/questions/34808016/how-can-i-write-a-chef-recipe-to-create-a-new-user-and-password-in-the-nodes-aut