I am having a hard time figuring out how to use chef to run a bash command (passwd)
I know how to set up the bash resource block but how do I set it up so that is will take the variable password = 'abc123'. The user I want to do it for is adminblah for this example.
bash 'analytics_password' do
code <<-EOH
sudo passwd adminblah
EOH
end
I am not sure how to get the password variable into this.
There are a couple of ways you could achieve setting the user password. If you want to use the bash resource you could do this:
# Backslashes are escaped because of ruby
bash 'analytics_password' do
code <<-EOH
echo -e "#{password}\\n#{password}\\n" | passwd adminblah
EOH
sensitive true
end
The above echo replicates inputting then confirming the password if you ran this on the command line.
You could also look at using chpasswd instead (if available):
bash 'analytics_password' do
code <<-EOH
echo "adminblah:#{password}" | chpasswd
EOH
sensitive true
end
In both the above cases the sensitive property hides any potential output of the password in the Chef logs.
The best option would probably be looking at the user resource. This is a bit more complicated as you'll need to create a Password Shadow Hash (examples are provided in the link), but should be considered.