Ansible Pilot

Ansible troubleshooting - passwordless account

Ansible troubleshooting - passwordless account

How to reproduce the usermod: unlocking the user's password would result in a passwordless account. error and how to solve it!

Today we’re going to talk about Ansible troubleshooting and specifically about the “Fatal usermod: unlocking the user’s password would result in a passwordless account.” error. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

demo

The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the usermod: unlocking the user's password would result in a passwordless account. error and how to solve it!

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
- name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: false

verify no user example in the target system:

$ ssh [email protected]
Last login: Tue Oct  5 09:35:24 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct  5 09:34:55 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
[[email protected] ~]# exit
logout
[[email protected] ~]$ exit
logout

output

$ ansible-playbook -i demo/inventory troubleshooting/passwordless_error.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
changed: [demo.example.com]
TASK [enable user] ********************************************************************************
fatal: [demo.example.com]: FAILED! => {"changed": false, "msg": "usermod: unlocking the user's password would result in a passwordless account.\nYou should set a password with usermod -p to unlock this user's password.\n", "name": "example", "rc": 1}
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
- name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        password: "{{ mypassword | password_hash('sha512') }}"
        state: present
        password_lock: false

output

$ ansible-playbook -i demo/inventory troubleshooting/passwordless_fix.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
ok: [demo.example.com]
TASK [enable user] ********************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

verification

$ ssh [email protected]
Last login: Tue Oct  5 09:37:07 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct  5 09:35:42 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
example:x:1002:1002::/home/example:/bin/bash
[[email protected] ~]# passwd -S example
example PS 2021-10-05 0 99999 7 -1 (Password set, SHA512 crypt.)
[[email protected] ~]# grep example /etc/shadow
example:$6$kg63VBL5Hw3AwjQt$GSn.Z7h3/ipgaY2p0ypSrymLN/2.lhZnMeONjkiaYc5o7R6TkfHtPJyXmKqoW3IQxw6Udxb2khiJ8NCVo4QKM1:18905:0:99999:7:::

code with ❤️ in GitHub

Recap

Now you know better how to troubleshoot the error: “usermod: unlocking the user’s password would result in a passwordless account”. Subscribe to the YouTube channel, Medium, Website and Twitter to not miss the next episode of the Ansible Pilot.

Donate

Want to keep this project going? Please donate

Follow me

Subscribe not to miss any new releases

October 5, 2021