Puppet Enterprise Console Lockpicking
Puppet Enterprise 3.1 introduced a new feature to the PE console: account lockouts. After 10 unsuccessful login attempts, console accounts will be locked out until this state is manually cleared by an admin.
Unlocking a user account is simple enough if you have another admin user handy. But what happens if your sole admin account is locked out?
You could create a new admin user, remove the lock on your existing account, then remove the new admin user. Or you can change the flag on the existing user in the database. To do the latter, you can follow these steps (Note: These instructions assume you're using a PE-installed Postgres database, as configured by the installer and PE modules]:
- On the host with the PE Postgres role backing your console, run
sudo su pe-postgres -s /bin/bash -c "/opt/puppet/bin/psql console_auth"This will invoke the Postgres client and connect you to the
email@example.com the correct username for the locked-out user you wish to unlock, run
update authorized_users SET status='enabled',login_failure_count=0 WHERE firstname.lastname@example.org';on the
\qto log out of the psql client and end your session as the
You should now be able to log into the console normally with the newly unlocked account!
- Rebooting Windows with Puppet Enterprise
- How to use Git commit hooks with Puppet Enterprise
- And more helpful posts on Puppet Enterprise
- Haven't tried Puppet Enterprise yet? Download and try it out for free.