Ansible troubleshooting - passwordless account
How to reproduce the "usermod: unlocking the user's password would result in a passwordless account." error and how to solve it!


Today we’re going to talk about Ansible troubleshooting and specifically about the “Fatal usermod: unlocking the user’s password would result in a passwordless account.” error. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
The Best Resources For Ansible
Video Course
Printed Book
eBooks
- Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
- Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
- Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
- Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
- Ansible For Containers and Kubernetes By Examples: 20+ Automation Examples To Automate Containers, Kubernetes and OpenShift
- Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
- Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
- Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
- Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
- Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
demo
The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the usermod: unlocking the user's password would result in a passwordless account.
error and how to solve it!
error code
- passwordless_error.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
tasks:
- name: create a disabled user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: true
- name: enable user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: false
error verification
verify no user example in the target system:
$ ssh [email protected]
Last login: Tue Oct 5 09:35:24 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct 5 09:34:55 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
[[email protected] ~]# exit
logout
[[email protected] ~]$ exit
logout
error execution
output
$ ansible-playbook -i demo/inventory troubleshooting/passwordless_error.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
changed: [demo.example.com]
TASK [enable user] ********************************************************************************
fatal: [demo.example.com]: FAILED! => {"changed": false, "msg": "usermod: unlocking the user's password would result in a passwordless account.\nYou should set a password with usermod -p to unlock this user's password.\n", "name": "example", "rc": 1}
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=
fix code
- passwordless_fix.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
mypassword: "password"
tasks:
- name: create a disabled user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: true
- name: enable user
ansible.builtin.user:
name: "{{ myuser }}"
password: "{{ mypassword | password_hash('sha512') }}"
state: present
password_lock: false
fix execution
output
$ ansible-playbook -i demo/inventory troubleshooting/passwordless_fix.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
ok: [demo.example.com]
TASK [enable user] ********************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
fix verification
$ ssh [email protected]
Last login: Tue Oct 5 09:37:07 2021 from 192.168.0.100
[[email protected] ~]$ sudo su -
Last login: Tue Oct 5 09:35:42 UTC 2021 on pts/0
[[email protected] ~]# getent passwd | grep example
example:x:1002:1002::/home/example:/bin/bash
[[email protected] ~]# passwd -S example
example PS 2021-10-05 0 99999 7 -1 (Password set, SHA512 crypt.)
[[email protected] ~]# grep example /etc/shadow
example:$6$kg63VBL5Hw3AwjQt$GSn.Z7h3/ipgaY2p0ypSrymLN/2.lhZnMeONjkiaYc5o7R6TkfHtPJyXmKqoW3IQxw6Udxb2khiJ8NCVo4QKM1:18905:0:99999:7:::
Recap
Now you know better how to troubleshoot the error: “usermod: unlocking the user’s password would result in a passwordless account”. Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate