When I commission a new Raspberry Pi, I want Puppet to change the password from the default. However, I do NOT want the password changed subsequently. I am therefore trying to create an external fact that is tested, with the code being executed only if the fact is false. I also have a hiera file for each machine that indicates whether this should be done in the first place.
My code (with salt & hashed password changed):
class pi_user::password {
if hiera('pi_password_wanted') {
unless $facts['pi_password_done'] {
$host=$facts['hostname']
notice "Adding pi password for ${host}"
file { '/etc/facter/facts.d/pi_password_done.txt':
ensure => 'present',
content => 'pi_password_done=true
',
}
notice "Added password done file for ${host}"
user { 'pi':
password => '$6$salt$hash',
}
notice "Set password for ${host}"
}
}
}
Running this on the Pi gives:
root@pi245:/home/dr# rm /etc/facter/facts.d/pi_password_done.txt
root@pi245:/home/dr# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for pi245.lan.davies.systems
Info: Applying configuration version '1487948379'
Notice: /Stage[main]/Pi_user::Password/File[/etc/facter/facts.d/pi_password_done.txt]/ensure: defined content as '{md5}3e0303548baed7b48b699777a3825360'
Notice: Applied catalog in 4.76 seconds
And /var/log/syslog on the master contains:
Feb 24 14:59:39 puppet puppet-master[31892]: (Scope(Class[Pi_user::Password])) Adding pi password for pi245
Feb 24 14:59:39 puppet puppet-master[31892]: (Scope(Class[Pi_user::Password])) Added password done file for pi245
Feb 24 14:59:39 puppet puppet-master[31892]: (Scope(Class[Pi_user::Password])) Set password for pi245
The external fact file is created, but the password is not changed. /etc/shadow's time stamp does not change. I thought I had this working on 4.8.1, but the most recent download is 4.8.2. I get the same symptoms with both versions of Puppet master.
What should I look at, please?
TIA & regards,
John Davies
↧