ReleaseEngineering/How To/Reset a Password with Puppet

User passwords are stored in a hashed format alongside other user information. We do not put the hashes in a public location for hopefully obvious reasons - please make sure you don't do this by accident.

Let's say you want to update cltbld's password. First, you need to generate the new hash. You can do that by running the following:

openssl passwd -1 
# now type the password and confirmation

Now, copy and paste that password hash into /etc/puppet/manifests/secrets.pp as the 'password' for the cltbld user (/etc/puppet/production/manifests/extlookup on puppetagain masters). Do this on all active puppet masters. do not check this change in!

Both the root and cltbld passwords can be updated this way.

Additional keys need to be set on puppetagain masters. More details here.