
I am managing my EC2 application instances using Puppet, and that involves user management as well. But recently I noticed a bug: I am not able to log in with any of the usernames I added through Puppet. After checking on one of the corrupted instances (I used keys in this case) I found that the /etc/shadow password field (2nd column) is blank, i.e. there is no hashed password in it. I couldn't find out the reason why hashed passwords are not updated with user creation, because I have a hashed password provided in the user module. Believe me, I am using a very simple Puppet 'user' module, but for some reason it's not updating passwords for the users.

Note: The module is working fine on my local machine (CentOS 6.3).

Here is my 'user.pp' module and logs:

1) Attaching user.pp.

2) Puppet run logs:

    notice: /User[tgrochowicz]/ensure: created
    notice: /User[jpollard]/ensure: created
    notice: /User[bottle]/ensure: created
    notice: /User[jburgar]/ensure: created
    notice: /User[rahul]/ensure: created
    notice: /User[jfenocchi]/ensure: created
    notice: /User[dwhite]/ensure: created
    notice: /User[bporter]/ensure: created
    notice: /User[asavarin]/ensure: created
    notice: /User[ehalfin]/ensure: created
    notice: Finished catalog run in 1.69 seconds
    notice: Finished catalog run in 0.21 seconds

3) File /etc/shadow entries created:

    tgrochowicz:!!:15956:0:99999:7:::
    jpollard:!!:15956:0:99999:7:::
    bottle:!!:15956:0:99999:7:::
    jburgar:!!:15956:0:99999:7:::
    rahul:!!:15956:0:99999:7:::
    jfenocchi:!!:15956:0:99999:7:::
    dwhite:!!:15956:0:99999:7:::
    bporter:!!:15956:0:99999:7:::
    asavarin:!!:15956:0:99999:7:::
    ehalfin:!!:15956:0:99999:7:::

4) OS version and architecture:

    ec2-user@ip-10-100-38-78 ~$ uname -r
    3.4.43-43.43.amzn1.x86_64
    ec2-user@ip-10-100-38-78 ~$ uname -a
    Linux ip-10-100-38-78 3.4.43-43.43.amzn1.x86_64 #1 SMP Mon May 6 18:04:41 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Any idea why this module is not able to update the password from my module on the EC2 instance?

My apologies, I wasn't aware that this is not a forum. Here is the update on my question:

I agree, and I forgot to mention that ruby-shadow is already installed as a prerequisite to the 'user' module. Still, the /etc/shadow password fields are blank. I have no clue what is blocking Puppet. Any idea?

Here are the command logs that say ruby-shadow is installed and initiated:

    [root@ip-10-100-39-44 ~]# ruby -e "require 'puppet' ; puts Puppet.features.libshadow?"
    true
    [root@ip-10-100-39-44 ~]# rpm -qa | grep ruby-shadow
    ruby-shadow-1.4.1-15.2.amzn1.x86_64

And here are the Puppet logs that show the package 'ruby-shadow' installed before the "user" module:

    [root@ip-10-100-39-44 ~]# less /var/log/messages
    *(/Stage[main]/Packages/Yumrepo[epel]/enabled) enabled changed '0' to '1'
    Sep 20 03:08:50 ip-10-100-39-44 yum[2631]: Installed: ruby-shadow-1.4.1-15.2.amzn1.x86_64
    Sep 20 03:08:51 ip-10-100-39-44 puppet-apply[2471]: (/Stage[main]/Packages/Package[ruby-shadow]/ensure) created*
    *(/Stage[main]/Env::Sshd/Augeas[PasswordAuthentication]/returns) executed successfully
    Sep 20 03:10:32 ip-10-100-39-44 puppet-apply[2471]: (/Stage[main]/Env::Sshd/Service[sshd]) Triggered 'refresh' from 1 events
    Sep 20 03:10:38 ip-10-100-39-44 puppet-apply[2471]: (/Stage[main]//Exec[wait_for_5_sec]/returns) executed successfully
    Sep 20 03:10:38 ip-10-100-39-44 puppet-apply[2471]: (/User[bporter]/ensure) created
    Sep 20 03:10:38 ip-10-100-39-44 puppet-apply[2471]: (/User[asavarin]/ensure) created
    Sep 20 03:10:39 ip-10-100-39-44 puppet-apply[2471]: (/User[ehalfin]/ensure) created
    Sep 20 03:10:39 ip-10-100-39-44 puppet-apply[2471]: (/User[jpollard]/ensure) created
    Sep 20 03:10:39 ip-10-100-39-44 puppet-apply[2471]: (/User[bottle]/ensure) created
    Sep 20 03:10:39 ip-10-100-39-44 puppet-apply[2471]: (/User[jburgar]/ensure) created
    Sep 20 03:10:39 ip-10-100-39-44 puppet-apply[2471]: (/User[rahul]/ensure) created
    Sep 20 03:10:39 ip-10-100-39-44 puppet-apply[2471]: (/User[tgrochowicz]/ensure) created
    Sep 20 03:10:40 ip-10-100-39-44 puppet-apply[2471]: (/User[jfenocchi]/ensure) created
    Sep 20 03:10:40 ip-10-100-39-44 puppet-apply[2471]: (/User[dwhite]/ensure) created*

Thanks

    Can you show us the resource declaration for the users? Commented Sep 10, 2013 at 19:09

1 Answer


Ruby (and thus Puppet) requires a library called ruby-shadow to be installed in order to allow Ruby to modify the shadow password file.

On RHEL/CentOS, this is the ruby-shadow rpm. On other platforms, it may be called ruby-shadowlib.

The Puppet docs refer to it in the user type under the provider->useradd section.

You should be able to verify that you're loading the right thing by doing something like:

    ruby -e "require 'puppet' ; puts Puppet.features.libshadow?"

It should return true if it's loading properly.
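A complementary check on the /etc/shadow side, as an added example that is not part of the original answer: this Ruby script classifies the password field of each shadow entry, so accounts that were created without a usable hash (the `!!` entries shown in the question) stand out. The helper names and the `deploy`, `svc` and `guest` sample entries are constructed for illustration.

```ruby
# Added example (not from the original answer): classify the password field
# (2nd column) of shadow(5) entries. Helper names are hypothetical.
SCHEMES = { '1' => 'md5crypt', '2a' => 'bcrypt', '2b' => 'bcrypt', '2y' => 'bcrypt',
            '5' => 'sha256crypt', '6' => 'sha512crypt', 'y' => 'yescrypt' }.freeze

# Returns a symbol describing the state of one password field.
def classify_field(field)
  return :empty if field.nil? || field.empty?       # no password required
  return :locked_no_hash if field =~ /\A[!*]+\z/    # "!!", "!", "*": no hash was ever set
  locked = field.start_with?('!')                   # leading "!" locks an existing hash
  hash = field.sub(/\A!+/, '')
  if hash =~ /\A\$([0-9a-z]+)\$/ && SCHEMES.key?($1)
    locked ? :locked_with_hash : :hashed
  else
    :unknown                                        # legacy DES or unrecognised content
  end
end

# Parses shadow-format text and returns { username => state }.
def parse_shadow(text)
  text.each_line.with_object({}) do |line, out|
    line = line.strip
    next if line.empty? || line.start_with?('#') || !line.include?(':')
    user, field = line.split(':', -1)
    out[user] = classify_field(field)
  end
end

# Users from `expected` (e.g. the accounts Puppet manages) that are missing
# or whose entry does not hold an active password hash.
def unusable_accounts(text, expected)
  states = parse_shadow(text)
  expected.reject { |user| states[user] == :hashed }
end

# Constructed sample: the first two lines mirror the question's output,
# the remaining entries and their hash values are made-up placeholders.
SAMPLE = <<~'SHADOW'
  tgrochowicz:!!:15956:0:99999:7:::
  jpollard:!!:15956:0:99999:7:::
  deploy:$6$examplesalt$constructedhashvalue:15956:0:99999:7:::
  svc:!$6$examplesalt$constructedhashvalue:15956:0:99999:7:::
  guest::15956:0:99999:7:::
SHADOW

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE      # pass /etc/shadow as root
  parse_shadow(text).each { |user, state| puts "#{user}: #{state}" }
end
```

Run after a Puppet apply, any managed user reported as `locked_no_hash` was created without the `password` value ever reaching /etc/shadow.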
