Change user password - Ansible module user

How to write an Ansible Playbook to assign the password "password" to an "example" user account in a Linux system with SHA512 encryption.

October 7, 2021

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

#ansible #user #module #linux #user-management #rhel #centos #fedora #ubuntu #debian #suse

How to change a user password with Ansible?

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot

Ansible change user password

Today we’re talking about the Ansible module user. The full name is ansible.builtin.user, which means that is part of the collection of modules “builtin” with Ansible and shipped with it. It’s a module pretty stable and out for years, it manages user accounts. It supports a huge variety of Linux distributions, SunOS and macOS, and FreeBSD. For Windows, use the ansible.windows.win_user module instead.

Parameters

name string - username
state string - present/absent
password string - Linux encrypted, macOS cleartext

This module has many parameters to perform any task. The only required is “name”, which is the username. In the parameter “state” we need to specify “present” options, obviously, we can’t change a password of a non-existent account. The most important parameter is “password” which allows you to specify the new password. For macOS target, the password is in cleartext. For the Linux target, the “password” must be encrypted before. We could use the “passhword_hash” filter to generate a password. Please note that you could specify the encryption algorithm as well as the salt to make your password more robust.

The Best Resources For Ansible

Video Course

Learn Ansible Automation in 200+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Books

demo

Let’s jump in a real-life Ansible Playbook to change a user account password in Linux.

code

change_password.yml

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password: "{{ mypassword | password_hash('sha512') }}"

execution

output

$ ansible-playbook -i demo/inventory change\ user\ password/user.yaml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [change password] ****************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

verification


$ sshpass -p 'password' [email protected]

Please note: the sshpass must be installed on the system.

code with ❤️ in GitHub

Recap

Now you know how to change the password of a user account with Ansible. Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.