Ansible Pilot

Ansible troubleshooting - passwordless account

Ansible troubleshooting - passwordless account

How to reproduce the usermod: unlocking the user's password would result in a passwordless account. error and how to solve it!

Today we’re going to talk about Ansible troubleshooting and specifically about the “Fatal usermod: unlocking the user’s password would result in a passwordless account.” error. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

demo

The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the usermod: unlocking the user's password would result in a passwordless account. error and how to solve it!

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
- name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: false

verify no user example in the target system:

$ ssh [email protected]
Last login: Tue Oct  5 09:35:24 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct  5 09:34:55 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
[[email protected] ~]# exit
logout
[[email protected] ~]$ exit
logout

output

$ ansible-playbook -i demo/inventory troubleshooting/passwordless_error.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
changed: [demo.example.com]
TASK [enable user] ********************************************************************************
fatal: [demo.example.com]: FAILED! => {"changed": false, "msg": "usermod: unlocking the user's password would result in a passwordless account.\nYou should set a password with usermod -p to unlock this user's password.\n", "name": "example", "rc": 1}
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
- name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        password: "{{ mypassword | password_hash('sha512') }}"
        state: present
        password_lock: false

output

$ ansible-playbook -i demo/inventory troubleshooting/passwordless_fix.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
ok: [demo.example.com]
TASK [enable user] ********************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

verification

$ ssh [email protected]
Last login: Tue Oct  5 09:37:07 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct  5 09:35:42 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
example:x:1002:1002::/home/example:/bin/bash
[[email protected] ~]# passwd -S example
example PS 2021-10-05 0 99999 7 -1 (Password set, SHA512 crypt.)
[[email protected] ~]# grep example /etc/shadow
example:$6$kg63VBL5Hw3AwjQt$GSn.Z7h3/ipgaY2p0ypSrymLN/2.lhZnMeONjkiaYc5o7R6TkfHtPJyXmKqoW3IQxw6Udxb2khiJ8NCVo4QKM1:18905:0:99999:7:::

code with ❤️ in GitHub

Recap

Now you know better how to troubleshoot the error: “usermod: unlocking the user’s password would result in a passwordless account”. Subscribe to the YouTube channel, Medium, Website and Twitter to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

Donate

Want to keep this project going? Please donate

Follow me

Subscribe not to miss any new releases

October 5, 2021