root

I've always tried to be cautious about what information I find on the Internet. Here's a perfect example.

Someone had posted this method of setting the root password in a puppet module:

Here is the "BAD WAY" to do it...

$password = 'your_plain_text_password'user { 'root': ensure => 'present', password => generate('/bin/sh', '-c', "mkpasswd -m sha-512 ${password} | tr -d '\n'"),}

Why is this bad? Because every time the client runs, this rule will be processed and a new password generated. Wasteful of client cpu cycles.

Much better to set the password string to the output of the mkpasswd command, and keep the entry static.