Last active
July 6, 2021 12:30
-
-
Save pschyska/26002d5f8ee0da2a9ea0 to your computer and use it in GitHub Desktop.
PW hashing with puppet parser function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # lib/puppet/parser/functions/pw_hash.rb | |
| module Puppet::Parser::Functions | |
| newfunction(:pw_hash, type: :rvalue) do |args| | |
| raise Puppet::ParseError, "pw_hash takes exactly two arguments, #{args.length} provided" if args.length != 2 | |
| # SHA512 ($6), default number of rounds (5000) | |
| # rounds could be specified by prepending rounds=<n>$ parameter before the salt, i.e. | |
| # args[0].crypt("$6$rounds=50000$#{args[1]}") | |
| args[0].crypt("$6$#{args[1]}") | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user { 'root': | |
| ensure => present, | |
| password => pw_hash($root_pw, $root_salt), | |
| } |
thanks!
I will just leave here an inline_template version
$pass='password'
$salt='salt'
user{
"alise":
ensure => present,
password => inline_template("<%= '$pass'.crypt('\$6$$salt') %>"),
}
Nice pschyska, works like a charm.
Nice one
If you use stdlib, it includes a function that does this now:
https://github.com/puppetlabs/puppetlabs-stdlib#pw_hash
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks. This helped me out a lot!