How to pass hash password from ruby-block to user resource


#1

Hi All,

I am trying to implement a cookbook which would create users by reading
passwords from attributes file ( non hash password ex: root@123)

And for this, my cookbook is as follows :

  1. Contains of attributes file ( attributes/attr.rb )

default[‘my’][‘instance’][‘users’]=[{uid:
1004,user_name:‘m1’,homedir:’/home/m1’,password:‘root@111’},{uid:
1003,user_name:‘m2’,homedir:’/home/m2’,password:‘root@222’},{uid: 1002,
user_name:‘m3’,homedir:’/home/m3’,password:‘root@333’}]

  1. Recipe :

password_hash=’'
node[‘my’][‘instance’][‘users’].each do |each_user|
ruby_block “Generating hash password” do
block do
require 'digest/sha2’
password=each_user[‘password’]
salt=rand(36**8).to_s(36)
shadow_hash=password.crypt("6" + salt)
password_hash=shadow_hash
end
end

user each_user['user_name'] do
password "#{password_hash}"
home each_user['homedir']
system true
action :create
manage_home true
uid each_user['uid']
end

end

After execution of the cookbook, respective users are created appropriately but
passwords are set blank.

Looks like the variable which I am trying to access in the password attribute
of user resource is not correct.

Please let me how can I resolve this.

Note : In my case, I dont want to use databags

Thanks,
Pratik


#2

Brief answer, you should use lazy attribute for the password attribute of the user resource.

Something like password lazy {password_hash }

Without it the var is evaluated at compile time and so is nil as the ruby block did not run.

And you should use the each_user var in the ruby block name to avoid overriding it on each iteration.

Don’t hesitate to tell if it’s unclear :slight_smile:

---- pratik_gadiya@persistent.co.in a écrit ----

Hi All,

I am trying to implement a cookbook which would create users by reading
passwords from attributes file ( non hash password ex: root@123)

And for this, my cookbook is as follows :

  1. Contains of attributes file ( attributes/attr.rb )

default[‘my’][‘instance’][‘users’]=[{uid:
1004,user_name:‘m1’,homedir:’/home/m1’,password:‘root@111’},{uid:
1003,user_name:‘m2’,homedir:’/home/m2’,password:‘root@222’},{uid: 1002,
user_name:‘m3’,homedir:’/home/m3’,password:‘root@333’}]

  1. Recipe :

password_hash=’'
node[‘my’][‘instance’][‘users’].each do |each_user|
ruby_block “Generating hash password” do
block do
require 'digest/sha2’
password=each_user[‘password’]
salt=rand(36**8).to_s(36)
shadow_hash=password.crypt("6" + salt)
password_hash=shadow_hash
end
end

user each_user[‘user_name’] do
password "#{password_hash}"
home each_user[‘homedir’]
system true
action :create
manage_home true
uid each_user[‘uid’]
end
end

After execution of the cookbook, respective users are created appropriately but
passwords are set blank.

Looks like the variable which I am trying to access in the password attribute
of user resource is not correct.

Please let me how can I resolve this.

Note : In my case, I dont want to use databags

Thanks,
Pratik


#3

Please don’t cross-post to SO and the ML at the same time. Means twice as many people will spend the time to answer you when either one would be just fine.

–Noah

On Sep 30, 2014, at 12:08 PM, pratik_gadiya@persistent.co.in pratik_gadiya@persistent.co.in wrote:

Hi All,

I am trying to implement a cookbook which would create users by reading
passwords from attributes file ( non hash password ex: root@123)

And for this, my cookbook is as follows :

  1. Contains of attributes file ( attributes/attr.rb )

default[‘my’][‘instance’][‘users’]=[{uid:
1004,user_name:‘m1’,homedir:’/home/m1’,password:‘root@111’},{uid:
1003,user_name:‘m2’,homedir:’/home/m2’,password:‘root@222’},{uid: 1002,
user_name:‘m3’,homedir:’/home/m3’,password:‘root@333’}]

  1. Recipe :

password_hash=’'
node[‘my’][‘instance’][‘users’].each do |each_user|
ruby_block “Generating hash password” do
block do
require 'digest/sha2’
password=each_user[‘password’]
salt=rand(36**8).to_s(36)
shadow_hash=password.crypt("6" + salt)
password_hash=shadow_hash
end
end

user each_user[‘user_name’] do
password "#{password_hash}"
home each_user[‘homedir’]
system true
action :create
manage_home true
uid each_user[‘uid’]
end
end

After execution of the cookbook, respective users are created appropriately but
passwords are set blank.

Looks like the variable which I am trying to access in the password attribute
of user resource is not correct.

Please let me how can I resolve this.

Note : In my case, I dont want to use databags

Thanks,
Pratik


#4

Thanks for your response Tensibai. The answer was quite clear for my query :slight_smile:

Regards,
~Pratik

From: Tensibai Zhaoying [mailto:tensibai@iabis.net]
Sent: 01 October 2014 01:26
To: chef@lists.opscode.com
Subject: [chef] Re: How to pass hash password from ruby-block to user resource

Brief answer, you should use lazy attribute for the password attribute of the user resource.

Something like password lazy {password_hash }

Without it the var is evaluated at compile time and so is nil as the ruby block did not run.

And you should use the each_user var in the ruby block name to avoid overriding it on each iteration.

Don’t hesitate to tell if it’s unclear :slight_smile:

---- pratik_gadiya@persistent.co.inmailto:pratik_gadiya@persistent.co.in a écrit ----

Hi All,

I am trying to implement a cookbook which would create users by reading
passwords from attributes file ( non hash password ex: root@123tel:123)

And for this, my cookbook is as follows :

  1. Contains of attributes file ( attributes/attr.rb )

default[‘my’][‘instance’][‘users’]=[{uid:
1004tel:1004,user_name:‘m1’,homedir:’/home/m1’,password:‘root@111tel:111’},{uid:
1003tel:1003,user_name:‘m2’,homedir:’/home/m2’,password:‘root@222tel:222’},{uid: 1002tel:1002,
user_name:‘m3’,homedir:’/home/m3’,password:‘root@333tel:333’}]

  1. Recipe :

password_hash=’'
node[‘my’][‘instance’][‘users’].each do |each_user|
ruby_block “Generating hash password” do
block do
require 'digest/sha2’
password=each_user[‘password’]
salt=rand(36**8).to_s(36)
shadow_hash=password.crypt("6" + salt)
password_hash=shadow_hash
end
end

user each_user['user_name'] do

password "#{password_hash}"
home each_user[‘homedir’]
system true
action :create
manage_home true
uid each_user[‘uid’]
end
end

After execution of the cookbook, respective users are created appropriately but
passwords are set blank.

Looks like the variable which I am trying to access in the password attribute
of user resource is not correct.

Please let me how can I resolve this.

Note : In my case, I dont want to use databags

Thanks,
Pratik

DISCLAIMER

This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.


#5

Hi Noah,

Thanks for the heads up. Will take care of it.

Regards,
Pratik

-----Original Message-----
From: Noah Kantrowitz [mailto:noah@coderanger.net]
Sent: 01 October 2014 01:59
To: chef@lists.opscode.com
Subject: [chef] Re: How to pass hash password from ruby-block to user resource

Please don’t cross-post to SO and the ML at the same time. Means twice as many people will spend the time to answer you when either one would be just fine.

–Noah

On Sep 30, 2014, at 12:08 PM, pratik_gadiya@persistent.co.in pratik_gadiya@persistent.co.in wrote:

Hi All,

I am trying to implement a cookbook which would create users by
reading passwords from attributes file ( non hash password ex:
root@123)

And for this, my cookbook is as follows :

  1. Contains of attributes file ( attributes/attr.rb )

default[‘my’][‘instance’][‘users’]=[{uid:
1004,user_name:‘m1’,homedir:’/home/m1’,password:‘root@111’},{uid:
1003,user_name:‘m2’,homedir:’/home/m2’,password:‘root@222’},{uid:
1002, user_name:‘m3’,homedir:’/home/m3’,password:‘root@333’}]

  1. Recipe :

password_hash=’'
node[‘my’][‘instance’][‘users’].each do |each_user|
ruby_block “Generating hash password” do
block do
require 'digest/sha2’
password=each_user[‘password’]
salt=rand(36**8).to_s(36)
shadow_hash=password.crypt("6" + salt)
password_hash=shadow_hash
end
end

user each_user[‘user_name’] do
password "#{password_hash}"
home each_user[‘homedir’]
system true
action :create
manage_home true
uid each_user[‘uid’]
end
end

After execution of the cookbook, respective users are created
appropriately but passwords are set blank.

Looks like the variable which I am trying to access in the password
attribute of user resource is not correct.

Please let me how can I resolve this.

Note : In my case, I dont want to use databags

Thanks,
Pratik

DISCLAIMER

This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.