with puppet8 creating users with passwords fails:
hboetes opened this issue · comments
Describe the Bug
with puppet8 creating users with passwords fails:
Expected Behavior
With puppet8 creating users with passwords succeeds:
Steps to Reproduce
# puppet apply -e 'user { "foo01": password => Sensitive("bah") }'
/usr/share/ruby/vendor_ruby/augeas.rb:48: warning: undefining the allocator of T_DATA class Augeas
Notice: Compiled catalog for swlaptop01.example.com in environment production in 0.01 seconds
Warning: /User[foo01]: Unable to mark 'password' as sensitive: the property itself was not assigned a value.
Or the same with:
# puppet apply -e 'define u(Sensitive[String[1]] $pw) { user { $title: password => $pw } } u { "foo01": pw => Sensitive("bah") }'
And if you don't sensitive the password, you get this:
root@swlaptop01 ~ # puppet apply -e 'user { "foo01": password => "bah", ensure => present }'
/usr/share/ruby/vendor_ruby/augeas.rb:48: warning: undefining the allocator of T_DATA class Augeas
Notice: Compiled catalog for swlaptop01.example.com in environment production in 0.01 seconds
Notice: /Stage[main]/Main/User[foo01]/ensure: created
Notice: Applied catalog in 0.60 seconds
root@swlaptop01 ~ # grep foo /etc/shadow
foo01:!:19825:0:99999:7:::
Notice the empty password.
@hboetes based on the file path /usr/share/ruby/vendor_ruby/augeas.rb, it appears you are not using puppet-agent packages from Puppet.
The failure to set a password is likely due to using an older libshadow with Ruby 3.2. We fixed that in puppetlabs/puppet-runtime@ae12465#diff-2333ab30a29f3376327884a83099d69548a03c1f7937f4846acc8ac42bbfcd9e
The augeas warning was also fixed in puppetlabs/puppet-runtime@3b22df1
I cannot reproduce the issue on RHEL8:
# rpm -q puppet-agent
puppet-agent-8.6.0-1.el9.x86_64
# /opt/puppetlabs/puppet/bin/puppet apply -e 'user { "foo01": password => Sensitive("bah") }'
Notice: Compiled catalog for amateur-founder.delivery.puppetlabs.net in environment production in 0.01 seconds
Notice: /Stage[main]/Main/User[foo01]/ensure: created
Notice: Applied catalog in 0.12 seconds
# grep foo01 /etc/shadow
foo01:bah:19828:0:99999:7:::
Hi there Josh, thanks for your reply.
You are right on all points, this was puppet-8.3.1 on Fedora 39. And now I installed the Fedora 36 release, by installing the puppet-7 release package, changing the yum repo file to puppet 8 and then installing the latest puppet8 release 8.6.0 and things are working again.
So to summarize:
- Official fedora packages for puppet are often out of date.
- Puppet does not provide fedora packages for current fedora releases, just for releases that have been EOL for years.
- Puppet does not provide a simple build mechanism so people can build their own packages.
Quite the dilemma.
Hi @hboetes , we have a team currently working on creating official packages for Fedora 40, and we are working on making our build process more accessible.
I'm going to close out this issue and point you to Fedora 40 packages when they are released.
Thank you!
I just manually build a puppet-8.6.0 package for fedora-40, copied from rawhide and that also doesn't fix the issue, even though it's using ruby-3.3.0
I figuratively can't wait until the official fedora 40 packages have been released.
root@habocp3 ~ # puppet apply -e 'user { "foo01": password => Sensitive("bah") }'
/usr/share/ruby/vendor_ruby/augeas.rb:48: warning: undefining the allocator of T_DATA class Augeas
Notice: Compiled catalog for habocp3.axis-flight-training-systems.at in environment production in 0.01 seconds
Warning: /User[foo01]: Unable to mark 'password' as sensitive: the property itself was not assigned a value.
Notice: Applied catalog in 0.08 seconds
root@habocp3 ~ # rpm -qa G puppet
rubygem-semantic_puppet-1.1.0-2.fc40.noarch
rubygem-puppet-resource_api-1.8.18-2.fc40.noarch
puppet-8.6.0-1.fc40.noarch
root@habocp3 ~ # rpm -qa G ruby
ruby-libs-3.3.0-4.fc40.x86_64
rubypick-1.1.1-20.fc40.noarch
ruby-3.3.0-4.fc40.x86_64
ruby-default-gems-3.3.0-4.fc40.noarch
rubygem-io-console-0.7.1-4.fc40.x86_64
rubygem-json-2.7.1-203.fc40.x86_64
rubygem-psych-5.1.2-4.fc40.x86_64
rubygem-rdoc-6.6.2-4.fc40.noarch
rubygems-3.5.3-4.fc40.noarch
rubygem-bcrypt_pbkdf-1.1.0-11.fc40.x86_64
rubygem-ed25519-1.3.0-7.fc40.x86_64
rubygem-net-ssh-7.1.0-3.fc40.noarch
rubygem-net-scp-4.0.0-4.fc40.noarch
rubygem-net-sftp-4.0.0-3.fc40.noarch
rubygem-childprocess-4.1.0-8.fc40.noarch
rubygem-concurrent-ruby-1.1.9-6.fc40.noarch
rubygem-i18n-1.14.1-5.fc40.noarch
rubygem-erubi-1.12.0-1.fc40.noarch
rubygem-ffi-1.15.5-10.fc40.x86_64
rubygem-rb-inotify-0.10.1-9.fc40.noarch
rubygem-listen-3.7.1-5.fc40.noarch
rubygem-hashicorp-checkpoint-0.1.5-14.fc40.noarch
rubygem-irb-1.11.0-4.fc40.noarch
ruby-bundled-gems-3.3.0-4.fc40.x86_64
rubygem-log4r-1.1.10-22.fc40.noarch
rubygem-mime-types-data-3.2023.0218.1-3.fc40.noarch
rubygem-mime-types-3.4.1-4.fc40.noarch
rubygem-rexml-3.2.6-4.fc40.noarch
rubygem-rubyzip-2.3.2-8.fc40.noarch
rubygem-thor-1.2.1-6.fc40.noarch
rubygem-sys-filesystem-1.4.3-4.fc40.noarch
rubygem-hocon-1.4.0-4.fc40.noarch
ruby-devel-3.3.0-4.fc40.x86_64
rubygem-semantic_puppet-1.1.0-2.fc40.noarch
rubygem-scanf-1.0.0-5.fc40.noarch
rubygem-racc-1.7.3-202.fc40.x86_64
rubygem-multi_json-1.15.0-9.fc40.noarch
rubygem-deep_merge-1.2.2-7.fc40.noarch
ruby-augeas-0.5.0-38.fc40.x86_64
libselinux-ruby-3.6-4.fc40.x86_64
rubygem-puppet-resource_api-1.8.18-2.fc40.noarch
It's now been three weeks and fedora 40 has been out for over 2 weeks. What's the status on the updated packages?
@mhashizume It's now been four weeks and fedora 40 has been out for over three weeks. What's the status on the updated packages?