Ansible troubleshooting - passwordless account
How to reproduce the "usermod: unlocking the user's password would result in a passwordless account." error and how to solve it!
Today we’re going to talk about Ansible troubleshooting and specifically about the “Fatal usermod: unlocking the user’s password would result in a passwordless account.” error. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
The Best Resources For Ansible
Certifications
- Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription
Video Course
Printed Book
-
Ansible For VMware by Examples
-
Ansible for Kubernetes by Example
-
Hands-on Ansible Automation
-
Red Hat Ansible Automation Platform
eBooks
- Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
- Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
- Terraform By Example: A Practical Approach for Beginners to Learn Cloud Infrastructure with Terraform
- Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
- Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
- Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
- Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
- Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
- Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
- Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
- Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
- Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios
demo
The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the usermod: unlocking the user's password would result in a passwordless account.
error and how to solve it!
error code
- passwordless_error.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
tasks:
- name: create a disabled user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: true
- name: enable user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: false
error verification
verify no user example in the target system:
$ ssh [email protected]
Last login: Tue Oct 5 09:35:24 2021 from 192.168.0.100
[devops@demo ~]$ sudo su -
Last login: Tue Oct 5 09:34:55 UTC 2021 on pts/0
[root@demo ~]# getent passwd | grep example
[root@demo ~]# exit
logout
[devops@demo ~]$ exit
logout
error execution
output
$ ansible-playbook -i demo/inventory troubleshooting/passwordless_error.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
changed: [demo.example.com]
TASK [enable user] ********************************************************************************
fatal: [demo.example.com]: FAILED! => {"changed": false, "msg": "usermod: unlocking the user's password would result in a passwordless account.\nYou should set a password with usermod -p to unlock this user's password.\n", "name": "example", "rc": 1}
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=
fix code
- passwordless_fix.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
mypassword: "password"
tasks:
- name: create a disabled user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: true
- name: enable user
ansible.builtin.user:
name: "{{ myuser }}"
password: "{{ mypassword | password_hash('sha512') }}"
state: present
password_lock: false
fix execution
output
$ ansible-playbook -i demo/inventory troubleshooting/passwordless_fix.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
ok: [demo.example.com]
TASK [enable user] ********************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
fix verification
$ ssh [email protected]
Last login: Tue Oct 5 09:37:07 2021 from 192.168.0.100
[devops@demo ~]$ sudo su -
Last login: Tue Oct 5 09:35:42 UTC 2021 on pts/0
[root@demo ~]# getent passwd | grep example
example:x:1002:1002::/home/example:/bin/bash
[root@demo ~]# passwd -S example
example PS 2021-10-05 0 99999 7 -1 (Password set, SHA512 crypt.)
[root@demo ~]# grep example /etc/shadow
example:$6$kg63VBL5Hw3AwjQt$GSn.Z7h3/ipgaY2p0ypSrymLN/2.lhZnMeONjkiaYc5o7R6TkfHtPJyXmKqoW3IQxw6Udxb2khiJ8NCVo4QKM1:18905:0:99999:7:::
Recap
Now you know better how to troubleshoot the error: “usermod: unlocking the user’s password would result in a passwordless account”. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate