root
I've always tried to be cautious about what information I find on the Internet. Here's a perfect example.
Someone had posted this method of setting the root password in a puppet module:
Here is the "BAD WAY" to do it...
$password = 'your_plain_text_password'user { 'root': ensure => 'present', password => generate('/bin/sh', '-c', "mkpasswd -m sha-512 ${password} | tr -d '\n'"),}
Why is this bad? Because every time the client runs, this rule will be processed and a new password generated. Wasteful of client cpu cycles.
Much better to set the password string to the output of the mkpasswd command, and keep the entry static.