ReleaseEngineering/How To/Reset a Password with Puppet: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with "{{Release Engineering How To|Reset the cltbld Password with Puppet}} Passwords are stored in a hashed format alongside other user information. We do not put the hashes in a publi...")
 
No edit summary
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Release Engineering How To|Reset the cltbld Password with Puppet}}
{{Release Engineering How To|Reset the cltbld Password with Puppet}}
Passwords are stored in a hashed format alongside other user information. We do not put the hashes in a public location for hopefully obvious reasons - please make sure you don't do this by accident.
User passwords are stored in a hashed format alongside other user information. We do not put the hashes in a public location for hopefully obvious reasons - please make sure you don't do this by accident.


Let's say you want to update cltbld's password. First, you need to generate the new hash. You can do that by running the following:
Let's say you want to update cltbld's password. First, you need to generate the new hash. You can do that by running the following:
  makepasswd --clearfrom=- --crypt-md5
  openssl passwd -1
  # now type the password and hit ^D a couple times
  # now type the password and confirmation
Now, copy and paste that password into /etc/puppet/manifests/build/cltbld.pp as the 'password' for the cltbld user. Do this on all active puppet masters.  '''do not check this change in!'''
 
Now, copy and paste that password hash into /etc/puppet/manifests/secrets.pp as the 'password' for the cltbld user (/etc/puppet/production/manifests/extlookup on puppetagain masters). Do this on all active puppet masters.  '''do not check this change in!'''
 
Both the root and cltbld passwords can be updated this way.
 
Additional keys need to be set on puppetagain masters. [https://wiki.mozilla.org/ReleaseEngineering/PuppetAgain/Modules/users#Implementation More details here].

Latest revision as of 16:24, 5 March 2013

User passwords are stored in a hashed format alongside other user information. We do not put the hashes in a public location for hopefully obvious reasons - please make sure you don't do this by accident.

Let's say you want to update cltbld's password. First, you need to generate the new hash. You can do that by running the following: 

openssl passwd -1 
# now type the password and confirmation

Now, copy and paste that password hash into /etc/puppet/manifests/secrets.pp as the 'password' for the cltbld user (/etc/puppet/production/manifests/extlookup on puppetagain masters). Do this on all active puppet masters. do not check this change in!

Both the root and cltbld passwords can be updated this way.

Additional keys need to be set on puppetagain masters. More details here.

Retrieved from "https://wiki.allizom.org/index.php?title=ReleaseEngineering/How_To/Reset_a_Password_with_Puppet&oldid=536487"