Ansible troubleshooting - passwordless account
How to reproduce the "usermod: unlocking the user's password would result in a passwordless account." error and how to solve it!


Today we’re going to talk about Ansible troubleshooting and specifically about the “Fatal usermod: unlocking the user’s password would result in a passwordless account.” error. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
The Best Resources For Ansible
Certifications
Video Course
Printed Book
eBooks
Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios
demo
The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the usermod: unlocking the user's password would result in a passwordless account.
error and how to solve it!
error code
- passwordless_error.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
tasks:
- name: create a disabled user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: true
- name: enable user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: false
error verification
verify no user example in the target system:
$ ssh [email protected]
Last login: Tue Oct 5 09:35:24 2021 from 192.168.0.100
[devops@demo ~]$ sudo su -
Last login: Tue Oct 5 09:34:55 UTC 2021 on pts/0
[root@demo ~]# getent passwd | grep example
[root@demo ~]# exit
logout
[devops@demo ~]$ exit
logout
error execution
output
$ ansible-playbook -i demo/inventory troubleshooting/passwordless_error.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
changed: [demo.example.com]
TASK [enable user] ********************************************************************************
fatal: [demo.example.com]: FAILED! => {"changed": false, "msg": "usermod: unlocking the user's password would result in a passwordless account.\nYou should set a password with usermod -p to unlock this user's password.\n", "name": "example", "rc": 1}
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=
fix code
- passwordless_fix.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
mypassword: "password"
tasks:
- name: create a disabled user
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password_lock: true
- name: enable user
ansible.builtin.user:
name: "{{ myuser }}"
password: "{{ mypassword | password_hash('sha512') }}"
state: present
password_lock: false
fix execution
output
$ ansible-playbook -i demo/inventory troubleshooting/passwordless_fix.yml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [create a disabled user] *********************************************************************
ok: [demo.example.com]
TASK [enable user] ********************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
fix verification
$ ssh [email protected]
Last login: Tue Oct 5 09:37:07 2021 from 192.168.0.100
[devops@demo ~]$ sudo su -
Last login: Tue Oct 5 09:35:42 UTC 2021 on pts/0
[root@demo ~]# getent passwd | grep example
example:x:1002:1002::/home/example:/bin/bash
[root@demo ~]# passwd -S example
example PS 2021-10-05 0 99999 7 -1 (Password set, SHA512 crypt.)
[root@demo ~]# grep example /etc/shadow
example:$6$kg63VBL5Hw3AwjQt$GSn.Z7h3/ipgaY2p0ypSrymLN/2.lhZnMeONjkiaYc5o7R6TkfHtPJyXmKqoW3IQxw6Udxb2khiJ8NCVo4QKM1:18905:0:99999:7:::
Recap
Now you know better how to troubleshoot the error: “usermod: unlocking the user’s password would result in a passwordless account”. Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate