Ansible Pilot

Ansible troubleshooting - passwordless account

How to reproduce the "usermod: unlocking the user's password would result in a passwordless account." error and how to solve it!

Today we’re going to talk about Ansible troubleshooting and specifically about the “Fatal usermod: unlocking the user’s password would result in a passwordless account.” error. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

demo

The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the usermod: unlocking the user's password would result in a passwordless account. error and how to solve it!

error code

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
- name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: false

error verification

verify no user example in the target system:

$ ssh [email protected]
Last login: Tue Oct  5 09:35:24 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct  5 09:34:55 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
[[email protected] ~]# exit
logout
[[email protected] ~]$ exit
logout

error execution

output

$ ansible-playbook -i demo/inventory troubleshooting/passwordless_error.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
changed: [demo.example.com]
TASK [enable user] ********************************************************************************
fatal: [demo.example.com]: FAILED! => {"changed": false, "msg": "usermod: unlocking the user's password would result in a passwordless account.\nYou should set a password with usermod -p to unlock this user's password.\n", "name": "example", "rc": 1}
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=

fix code

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
- name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        password: "{{ mypassword | password_hash('sha512') }}"
        state: present
        password_lock: false

fix execution

output

$ ansible-playbook -i demo/inventory troubleshooting/passwordless_fix.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
ok: [demo.example.com]
TASK [enable user] ********************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

fix verification

$ ssh [email protected]
Last login: Tue Oct  5 09:37:07 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct  5 09:35:42 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
example:x:1002:1002::/home/example:/bin/bash
[[email protected] ~]# passwd -S example
example PS 2021-10-05 0 99999 7 -1 (Password set, SHA512 crypt.)
[[email protected] ~]# grep example /etc/shadow
example:$6$kg63VBL5Hw3AwjQt$GSn.Z7h3/ipgaY2p0ypSrymLN/2.lhZnMeONjkiaYc5o7R6TkfHtPJyXmKqoW3IQxw6Udxb2khiJ8NCVo4QKM1:18905:0:99999:7:::

code with ❤️ in GitHub

Recap

Now you know better how to troubleshoot the error: “usermod: unlocking the user’s password would result in a passwordless account”. Subscribe to the YouTube channel, Medium, Website and Twitter to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 100+ Automation Examples For Linux and Windows System Administrator and DevOps

Want to keep this project going? Please donate

Trustpilot
Follow me

Subscribe not to miss any new releases

October 5, 2021

FREE Top 10 Best Practices

Top 10 Best Practices of Ansible Automation: save time, reduce errors and stress