From f95f62588b9ea7d519f87ddaa15e18e3fe92f7d4 Mon Sep 17 00:00:00 2001
From: Alex Hegedus
Date: Tue, 28 Nov 2017 09:38:15 -0800
Subject: [PATCH 1/2] Added password-crypted to root-password plugin
---
bootstrapvz/plugins/root_password/README.rst | 11 ++++++++++-
bootstrapvz/plugins/root_password/manifest-schema.yml | 6 +++++-
bootstrapvz/plugins/root_password/tasks.py | 10 ++++++++--
manifests/examples/virtualbox/stretch-vagrant.yml | 2 ++
4 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/bootstrapvz/plugins/root_password/README.rst b/bootstrapvz/plugins/root_password/README.rst
index c2f37c8..f82d64d 100644
--- a/bootstrapvz/plugins/root_password/README.rst
+++ b/bootstrapvz/plugins/root_password/README.rst
@@ -6,6 +6,15 @@ SSH password authentication. Settings ~~~~~~~~ +``oneOf`` - ``password``: The password for the root user. - ``required`` +- ``password-crypted``: The password for the root user[crypt(3) hash] + +The following command (available from the **whois** package) can be used +to generate a SHA-512 based crypt(3) hash for a password: + +.. code-block:: shell + + mkpasswd -m sha-512 +
diff --git a/bootstrapvz/plugins/root_password/manifest-schema.yml b/bootstrapvz/plugins/root_password/manifest-schema.yml
index f91ef63..b5969de 100644
--- a/bootstrapvz/plugins/root_password/manifest-schema.yml
+++ b/bootstrapvz/plugins/root_password/manifest-schema.yml
@@ -8,7 +8,11 @@ properties: properties: root_password: type: object +oneOf: + - required: [password] + - required: [password-crypted] properties: password: {type: string} - required: [password] + properties: + password-crypted: {type: string} additionalProperties: false
diff --git a/bootstrapvz/plugins/root_password/tasks.py b/bootstrapvz/plugins/root_password/tasks.py
index b4ee7b3..9f2eac9 100644
--- a/bootstrapvz/plugins/root_password/tasks.py
+++ b/bootstrapvz/plugins/root_password/tasks.py
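Review bot: `password-crypted: {type: string}` in the manifest-schema.yml hunk accepts any string, including an empty one or one containing a line break, and the tasks.py hunk of this patch forwards the value unchanged as `'root:' + password_crypted` to chpasswd. An empty value would presumably leave root with an empty password field, and a value with an embedded line break would be parsed as more than one `user:password` record, so the schema is the natural place to reject both. I would tighten the property to `password-crypted: {type: string, minLength: 1, pattern: '^[^:\s]+$'}` (pattern constructed for this note; adjust it to the hash formats you intend to accept). The plain `password` property has the same line-break exposure and would benefit from a similar constraint.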
@@ -9,5 +9,11 @@ class SetRootPassword(Task): @classmethod def run(cls, info): from bootstrapvz.common.tools import log_check_call - log_check_call(['chroot', info.root, 'chpasswd'], - 'root:' + info.manifest.plugins['root_password']['password']) + password_crypted = info.manifest.plugins['root_password'].get('password-crypted', None) + if password_crypted is not None: + log_check_call(['chpasswd', '--root', info.root, '--encrypted'], + 'root:' + password_crypted) + else: + log_check_call(['chroot', info.root, 'chpasswd'], + 'root:' + info.manifest.plugins['root_password']['password']) +
diff --git a/manifests/examples/virtualbox/stretch-vagrant.yml b/manifests/examples/virtualbox/stretch-vagrant.yml
index c0dc0f1..87a3334 100644
--- a/manifests/examples/virtualbox/stretch-vagrant.yml
+++ b/manifests/examples/virtualbox/stretch-vagrant.yml
@@ -28,3 +28,5 @@ volume: packages: {} plugins: vagrant: {} + root_password: + password-crypted: $6$MU3jLtZHS$UHdibqwOJrZw5yI7cqzG.AnzWqOVD9krryd3Y/SgXDSHUEMsaT7iAiQHhuCpjN4Q0tEssbJYoy4H1QFxOY3Tc/
From fc569bcac55b9082bd1d806db60b10173b7671ea Mon Sep 17 00:00:00 2001
From: Alex Hegedus
Date: Tue, 28 Nov 2017 21:20:18 -0800
Subject: [PATCH 2/2] Added password-cryped to root_password plugin
---
bootstrapvz/plugins/root_password/manifest-schema.yml | 1 -
bootstrapvz/plugins/root_password/tasks.py | 5 ++---
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/bootstrapvz/plugins/root_password/manifest-schema.yml b/bootstrapvz/plugins/root_password/manifest-schema.yml
index b5969de..5958b34 100644
--- a/bootstrapvz/plugins/root_password/manifest-schema.yml
+++ b/bootstrapvz/plugins/root_password/manifest-schema.yml
@@ -13,6 +13,5 @@ properties: - required: [password-crypted] properties: password: {type: string} - properties: password-crypted: {type: string} additionalProperties: false
diff --git a/bootstrapvz/plugins/root_password/tasks.py b/bootstrapvz/plugins/root_password/tasks.py
index 9f2eac9..fe2d189 100644
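Review bot: The `password-crypted` value added to manifests/examples/virtualbox/stretch-vagrant.yml is a fixed SHA-512 crypt hash committed to the repository, so every image built from this example unchanged carries the same root credential, and the hash is open to offline guessing by anyone who can read the repo. Nothing in the manifest marks it as a sample value. I would add a comment above the key, for example `# sample hash for this example only; generate your own with mkpasswd -m sha-512`, or drop the `root_password` entry from the example and let the README show the syntax.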
--- a/bootstrapvz/plugins/root_password/tasks.py
+++ b/bootstrapvz/plugins/root_password/tasks.py
@@ -11,9 +11,8 @@ class SetRootPassword(Task): from bootstrapvz.common.tools import log_check_call password_crypted = info.manifest.plugins['root_password'].get('password-crypted', None) if password_crypted is not None: - log_check_call(['chpasswd', '--root', info.root, '--encrypted'], + log_check_call(['chroot', info.root, '/usr/sbin/chpasswd', '--encrypted'], 'root:' + password_crypted) else: - log_check_call(['chroot', info.root, '/usr/sbin/chpasswd'], 'root:' + info.manifest.plugins['root_password']['password']) -
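Review bot: Both branches of `run` hand the credential to `log_check_call` as its second argument, and nothing in the hunk shows whether that helper writes that argument to the build log; its definition is outside this patch, so that is worth confirming before a cleartext `password` goes through it. The value is apparently supplied as the command's input rather than on the command line, which keeps it out of the process list, and a one-line comment would stop a later edit from moving it into argv: `# credential goes to chpasswd on stdin, never in argv`. The `def` line and decorator of `run` sit above the hunk.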