如何编写厨师食谱以自动在节点中创建新用户和密码? [英] How can I write a chef recipe to create a new user and password in the Nodes automatically?
问题描述
我是厨师新手。请帮助!我已经尝试过
I'm new to chef. Kindly help! I have tried this
user "newuser" do
password: xyz
end
和
user 'newuser' do
comment 'A random user'
uid '1234567'
gid '1234567'
home '/home/saxuser'
shell '/bin/bash'
password 'newpassword'
end
推荐答案
user
资源的正确格式如下:
The correct format for the user
resource is the following:
user "newuser" do
password crypt_password
end
请记住密码必须为影子格式:
Keep in mind that the password must be in shadow format:
密码阴影哈希。此属性要求安装红宝石阴影。这是Debian软件包的一部分:libshadow-ruby1.8。
The password shadow hash. This property requires that ruby-shadow be installed. This is part of the Debian package: libshadow-ruby1.8.
请参见 密码影子哈希部分,了解如何生成影子密码:
See the Password Shadow Hash section to see how to generate the shadow password:
$ openssl passwd -1 "theplaintextpassword"
要从食谱生成影子密码,可以使用 openssl
烹饪助手来生成盐:
To generate the shadow password from the cookbook, you can use the openssl
cookbook helpers to generate the salt:
Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)
password = 'xyz'
salt = random_password(length: 10)
crypt_password = password.crypt("$6$#{salt}")
user 'newuser' do
password crypt_password
end
别忘了在您的ru中包含 openssl
食谱n列表。
Don't forget to include the openssl
cookbook in your run list.
无论如何,请记住,每次厨师运行都会产生不同的盐,所以也许这不是最佳的使用方法。
Anyway, keep in mind that this will generate a different salt in each chef run, so maybe it's not the best approach to use.
我还建议您阅读关于信息管理的诺亚帖子了解使用Chef管理密码的适当方法。
I also encourage you to read Noah's post about secrets management to learn appropriate ways to manage passwords with Chef.
这篇关于如何编写厨师食谱以自动在节点中创建新用户和密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!