Raskas’ blog

Managing user passwords with Puppet on CentOs

If you try to manage users and there passwords with puppet on CentOs you will receive the error explained by “Known issues” on following page: Puppet on RedHat/CentOS. That page also describes the solution: install the libshadow package on the client.
It is not that easy because there is not yet an rpm of the ruby shadow libraries for CentOs.

“Not yet” because there IS a ruby-shadow rpm available in fedora (see: https://bugzilla.redhat.com/show_bug.cgi?id=240008).

So we only need to download and rebuild it:wget http://download.fedora.redhat.com/pub/fedora/linux/extras/6/SRPMS/ruby-shadow-1.4.1-6.fc6.src.rpm rpmbuild --rebuild ruby-shadow-1.4.1-6.fc6.src.rpm

Once we have that rebuilded rpm we can install it on all our puppet-clients. Off course we are not going to do this manually but use puppet for it .
If you have a local repository you can just add the package, but this is not yet the case for my setup so we need some extra rules.
Here is a snippet of puppet manifest:

class ruby-shadow {
   package {
      "ruby-shadow":
         ensure   => installed,
         provider => rpm,
         source   => "/tmp/ruby-shadow-1.4.1-6.i386.rpm",
         require  => file["/tmp/ruby-shadow-1.4.1-6.i386.rpm"],
   }

   file {
      "/tmp/ruby-shadow-1.4.1-6.i386.rpm":
         source => "puppet://puppetmaster/files/ALL/tmp/ruby-shadow-1.4.1-6.i386.rpm"
   }
}

class users {
   include ruby-shadow
   user {
      "root":
         ensure   => present,
         name     => "root",
         password => "SomeAlreadyEncryptedPassword";
   }
}

With this code it will require 2 runs of the puppet client. Even if you add a require in the user section for the ruby-shadow package 2 runs are necessary. Don’t know if this is a bug or a feature…

This entry was posted on Monday, September 10th, 2007 at 18:32 and is filed under puppet. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Comments

Jeff said:
September 27th, 2007
I don’t seem to be able to build ruby-shadow:

tmp]# rpmbuild –rebuild ruby-shadow-1.4.1-1.rf.src.rpm
Installing ruby-shadow-1.4.1-1.rf.src.rpm
warning: user dag does not exist – using root
warning: group dag does not exist – using root
warning: user dag does not exist – using root
warning: group dag does not exist – using root
warning: user dag does not exist – using root
warning: group dag does not exist – using root
warning: user dag does not exist – using root
warning: group dag does not exist – using root
error: Failed build dependencies:
ruby(abi) = 1.8 is needed by ruby-shadow-1.4.1-1.rf.i386

Here is my list of ruby packages:

[root@util00-hq tmp]# yum list|grep ruby
ruby.i386 1.8.1-7.EL4.8 installed
ruby-devel.i386 1.8.1-7.EL4.8 installed
ruby-libs.i386 1.8.1-7.EL4.8 installed
ruby-rpm.i386 1.2.3-1.el4 installed

Any Ideas?
Johan Huysmans said:
September 28th, 2007
I also have ruby-irb installed.
ruby-rdoc is also installed which is necessary if you want the –help of the puppet commands.
Jimmy Harris said:
October 9th, 2007
There is now ruby-shadow pages available from the RPMForge repository – http://dag.wieers.com/rpm/packages/ruby-shadow/. It’s only available for RedHat/CentOS 5 but both x86 and x86_64 rpms are provided and yum will install it if you have the repository configured.

Jeff, not sure what OS you are using but the Ruby packages provided with RedHat/CentOS 4 don’t support the ruby(abi) that is required. You can either compile your own, or move to RedHat/CentOS 5.
quotemaster fresh said:
August 20th, 2008
Copying and pasting this code horks a lot of the quotes. Bewarez!!!!
lance said:
March 19th, 2009
If you install src rpm instead (rpm -i ruby-shadow*.src.rpm), then edit the spec file, add the following line:

%define el4 1

redhat4 doesn’t have a ruby(abi). Defining el4 prevented that from being a requirement.