Ticket 332 ‐ Puppet‐Managed OwnCloud User Creation for Client Onboarding - SupaHotBall/OE2-Group-D GitHub Wiki

Task

📌Implementation Requirements

  • You must create a Puppet module that provisions 20 OwnCloud user accounts (ocuser01 to ocuser20) with the following properties:
  • ✅ Unique credentials for each user (Format: ocuserXX, XX = 01-20)
  • ✅ Secure passwords meeting the password policy (see below)
  • ✅ Forced password change on first login
  • ✅ Integration-ready with existing Puppet infrastructure
  • ✅ Validation using ocuser20 (see Validation Procedures)

📁 Puppet Module Structure

  • Your module should follow this directory layout:

modules/owncloud_users/
├── manifests/
│   ├── init.pp
│   └── config.pp
├── files/
│   └── create_oc_users.sh
└── templates/
    └── user_list.csv.erb

🔐 Password Policy

  • All generated passwords must:

  • Be a minimum of 10 characters

  • Contain uppercase, lowercase, and numbers

  • NOT contain special characters (client requirement)

📌Validation Procedures

  • You must validate the implementation using ocuser20.

Test Case (ocuser20):

  • Verify password reset is forced on first login
  • Provide before and after evidence of the password change prompt
  • Simulate first login via OwnCloud web UI and confirm that the forced password reset works as expected

📌 Acceptance Criteria

  • 20 user accounts created via puppet agent -t --debug
  • ocuser20 requires password reset on first login
  • Zero manual intervention in user creation process
  • CSV file of all credentials (username/password) is generated and:
  • Delivered to the manager via ticket correspondence by the deadline (10am on Monday, 26th May, 2025)
  • Ensure fully automated process (zero manual intervention)

📌Documentation includes:

  • Script
  • How the module and script work
  • Evidence of password change prompt (screenshots/logs for ocuser20)
  • Final user list in CSV (with credentials)

📦 Deliverables

  • create_oc_users.sh – Shell script for user creation
  • user_list.csv.erb – ERB template for storing user credentials
  • Puppet module (init.pp, config.pp)
  • Validation evidence for ocuser20

📌Post-Onboarding Notes

  • Clients will change passwords via OwnCloud web UI
  • Password rotation will be handled automatically every 90 days via Puppet

📌Priority:

  • High (This ticket is part of our ongoing assessment 2 team-operation exercise)

⏰ Deadline

Submit all deliverables by:

  • 🗓️ 10am, Monday 26th May 2025

Steps Taken

Step 1: Create the Puppet Module Structure

  • Name: owncloud_users
sudo mkdir -p /etc/puppetlabs/code/modules/owncloud_users/{files,manifests,templates}

This creates:

  • files/ to store static files like the shell script
  • manifests/ to store your .pp manifest files
  • templates/ if you want to generate files like CSV with .erb

Step 2: Create the Script That Adds OwnCloud Users

Name: create_oc_users.sh

  • Generate 20 usernames (ocuser01 to ocuser20)
  • Create a random password for each
  • Add each user to OwnCloud using occ
  • Force password reset for each user
  • Save all credentials in a CSV file

Location: /etc/puppetlabs/code/modules/owncloud_users/files/create_oc_users.sh

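#!/bin/bash
# Provision ocuser01..ocuser20 in OwnCloud and export the initial credentials.
umask 077    # a newly created CSV is owner-only from the first write
CSV_FILE="/tmp/user_list.csv"
echo "username,password" > "$CSV_FILE"

for i in $(seq -w 1 20); do
  USERNAME="ocuser$i"

  # Regenerate until the password policy holds: 12 alphanumeric characters
  # with at least one uppercase letter, one lowercase letter and one digit.
  while :; do
    PASSWORD=$(</dev/urandom tr -dc 'A-Za-z0-9' | head -c12)
    [[ $PASSWORD =~ [[:upper:]] && $PASSWORD =~ [[:lower:]] && $PASSWORD =~ [[:digit:]] ]] && break
  done

  # Create OwnCloud user; --password-from-env reads the password from the
  # OC_PASS environment variable, and -E passes that variable through sudo
  export OC_PASS="$PASSWORD"
  sudo -E -u www-data php /var/www/owncloud/occ user:add --password-from-env "$USERNAME"

  # Force password reset on first login
  sudo -u www-data php /var/www/owncloud/occ user:setting "$USERNAME" login login.resetPassword --value true

  echo "$USERNAME,$PASSWORD" >> "$CSV_FILE"
done
unset OC_PASS

# Also tighten the mode if the file already existed before this run
chmod 600 "$CSV_FILE"
echo "OK - Created 20 OwnCloud users and exported to $CSV_FILE"
exit 0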

Make sure the script is executable:

chmod +x /etc/puppetlabs/code/modules/owncloud_users/files/create_oc_users.sh

Step 3: Write Puppet config.pp to Deploy the Script

Location: /etc/puppetlabs/code/modules/owncloud_users/manifests/config.pp

  • This makes sure Puppet copies the script to the App server correctly:

class owncloud_users::config {
  # Install the script alongside the Nagios plugins so NRPE can call it
  file { '/usr/lib/nagios/plugins/create_oc_users.sh':
    ensure => 'file',
    source => 'puppet:///modules/owncloud_users/create_oc_users.sh',
    mode   => '0755',
    owner  => 'nagios',
    group  => 'nagios',
  }

  # refreshonly => true: this exec runs only when another resource notifies it.
  # Nothing in this class does, so the script is triggered through NRPE (Steps 6-9).
  exec { 'run_user_creation_script':
    command     => '/usr/lib/nagios/plugins/create_oc_users.sh',
    path        => ['/bin', '/usr/bin'],
    refreshonly => true,
    require     => File['/usr/lib/nagios/plugins/create_oc_users.sh'],
  }
}

Step 4: Create the Puppet Manifest File - init.pp

Location: /etc/puppetlabs/code/modules/owncloud_users/manifests/init.pp

  • This init.pp file ensures that when you include the class owncloud_users in your Puppet site manifest (e.g., site.pp), it will automatically apply the configuration defined in config.pp.
class owncloud_users {
  include owncloud_users::config
}

Step 5: Create a Template for CSV Output

Location: /etc/puppetlabs/code/modules/owncloud_users/templates/user_list.csv.erb

  • This template can be used later in a file resource if you're managing CSV from Puppet.
username,password
<% @users.each do |user| -%>
<%= user['username'] %>,<%= user['password'] %>
<% end -%>

Step 6: Add the NRPE Command

Location: /etc/puppetlabs/code/modules/nagios_nrpe/files/nrpe.cfg

command[check_create_owncloud_users]=/usr/lib/nagios/plugins/create_oc_users.sh

Step 7: Define the NRPE Check in Nagios Config

Location: /etc/puppetlabs/code/modules/nagios/manifests/config.pp

nagios_service { "create-owncloud-users":
  service_description   => "Create OwnCloud Users",
  host_name             => "apps-d",
  check_command         => "check_nrpe!check_create_owncloud_users",
  max_check_attempts    => 3,
  retry_interval        => 1,
  check_interval        => 5,
  check_period          => "24x7",
  notification_interval => 30,
  notification_period   => "24x7",
  notification_options  => "w,u,c,r",
  contact_groups        => "slackgroup",
  target                => "/etc/nagios4/conf.d/ppt_services.cfg",
  mode                  => "0644",
}

Step 8: Apply Puppet on the Mgmt and App Servers

On App Server:

sudo puppet agent --test

On Mgmt Server:

sudo puppet agent --test

Restart NRPE:

sudo systemctl restart nagios-nrpe-server.service

Step 9: Run the Check from Mgmt Server

/usr/lib/nagios/plugins/check_nrpe -H 10.2.0.5 -c check_create_owncloud_users

Expected output:

OK - Created 20 OwnCloud users and exported to /tmp/user_list.csv


Step 10: Confirm the Script Worked

Check the CSV:

sudo cat /tmp/user_list.csv

You should see all 20 user credentials.

Check OwnCloud UI:

  • Login as Admin
  • Navigate to Users
  • Verify all ocuser01 to ocuser20 exist

Contents of /tmp/user_list.csv:

username,password
ocuser01,Lj61SHayztac
ocuser02,cvLUD7VEyP9U
ocuser03,fGKnuTCpB70F
ocuser04,u4EWPXoT5XL9
ocuser05,QCcrPUL6xa4c
ocuser06,gPNmP5koliri
ocuser07,cK540pLGhnCc
ocuser08,RiRe6TipxNM2
ocuser09,ASLuX8n2XNuG
ocuser10,DLr6FuYFbRDz
ocuser11,pOSjUsnJj0aG
ocuser12,kU7UIcZdaVv3
ocuser13,ujyZEIyTJPqv
ocuser14,ByXIzIGStFij
ocuser15,Lc4xN9K1iS2d
ocuser16,D4k2MATF3rI2
ocuser17,TF5mYjSCkQeF
ocuser18,saKZBeTjCWgo
ocuser19,ZnhKayN3UV8c
ocuser20,q6v5oFE3fPL2
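
An added check, not part of the original wiki page or the team's module: before the CSV is delivered, each generated password can be tested against the ticket's policy (minimum 10 characters, uppercase, lowercase and numbers, no special characters). The function names and the sample rows are constructed for illustration; only usernames are reported, never passwords.

```shell
#!/bin/bash
# Added example: audit a credentials CSV against the ticket's password policy.
LC_ALL=C; export LC_ALL            # make the [A-Z] / [a-z] ranges byte-exact

# Return 0 if $1 satisfies the policy: at least 10 characters, alphanumeric
# only, with at least one uppercase letter, one lowercase letter and one digit.
password_ok() {
  pw=$1
  [ "${#pw}" -ge 10 ] || return 1
  case $pw in *[!A-Za-z0-9]*) return 1 ;; esac
  case $pw in *[A-Z]*) ;; *) return 1 ;; esac
  case $pw in *[a-z]*) ;; *) return 1 ;; esac
  case $pw in *[0-9]*) ;; *) return 1 ;; esac
}

# Print the usernames in CSV file $1 whose password breaks the policy, one per
# line. Passwords are never echoed, so the report can be pasted into a ticket.
failing_users() {
  while IFS=, read -r user pw; do
    [ "$user" = "username" ] && continue     # skip the header row
    password_ok "$pw" || printf '%s\n' "$user"
  done < "$1"
}

# Constructed sample data (not the credentials from this page).
sample_csv() {
  cat <<'EOF'
username,password
ocuser01,Ab3dEf6hIj9k
ocuser02,abcdefGHIJKL
ocuser03,Ab3dEf6h
ocuser04,Ab3dEf6hIj!k
EOF
}

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp) && sample_csv > "$tmp"
  failing_users "$tmp"      # prints ocuser02, ocuser03, ocuser04
  rm -f "$tmp"
elif [ -n "${1:-}" ]; then
  failing_users "$1"        # audit a real file, e.g. /tmp/user_list.csv
fi
```

A password drawn uniformly from A-Za-z0-9 can contain no digit at all, which is the case the ocuser02 sample row represents.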


Step 11: Test ocuser20 Login

Find credentials:

sudo grep ocuser20 /tmp/user_list.csv


Login at http:// with:

  • Username: ocuser20
  • Password: Rushhour
  • You should be forced to change the password and then see the dashboard.



Challenges


External Resources


Ticket Reference

https://rt.dataraster.com/Ticket/Display.html?id=332&results=15ecab9acded71b8d333e339efcd207e

