Change user password - Ansible module user
How to write an Ansible Playbook to assign the password "password" to an "example" user account in a Linux system with SHA512 encryption.
Introduction
In today’s episode of Ansible Pilot, I’m Luca Berton, and we’ll be delving into the process of changing a user password on a Linux system using Ansible. Specifically, we’ll be utilizing the ansible.builtin.user
module, an integral part of Ansible’s collection of built-in modules.
The Ansible User Module
The ansible.builtin.user
module is a stable and well-established component of Ansible, designed to manage user accounts. It boasts compatibility with a wide range of Linux distributions, including RHEL, CentOS, Fedora, Ubuntu, Debian, SUSE, as well as SunOS, macOS, and FreeBSD. For Windows systems, the equivalent module is ansible.windows.win_user
.
Parameters
The user
module comes with various parameters, but the three key ones for our password-changing task are:
- name (string): Specifies the username.
- state (string): Indicates the desired state of the user account (present or absent).
- password (string): For Linux systems, the password must be provided in encrypted form, while macOS accepts cleartext passwords.
Writing the Ansible Playbook
Let’s take a practical approach by crafting an Ansible Playbook that changes the password for a user account on a Linux system.
Ansible Playbook Code: change_password.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
mypassword: "password"
tasks:
- name: change password
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password: "{{ mypassword | password_hash('sha512') }}"
Executing the Playbook
To execute the playbook, use the following command:
$ ansible-playbook -i demo/inventory change\ user\ password/user.yaml
output
$ ansible-playbook -i demo/inventory change\ user\ password/user.yaml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [change password] ****************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The Best Resources For Ansible
Certifications
- Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription
Video Course
Printed Book
-
Ansible For VMware by Examples
-
Ansible for Kubernetes by Example
-
Hands-on Ansible Automation
-
Red Hat Ansible Automation Platform
eBooks
- Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
- Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
- Terraform By Example: A Practical Approach for Beginners to Learn Cloud Infrastructure with Terraform
- Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
- Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
- Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
- Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
- Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
- Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
- Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
- Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
- Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios
Verification
You can verify the password change by attempting to SSH into the system with the updated credentials:
$ sshpass -p 'password' [email protected]
Note: Ensure that sshpass
is installed on the system for this verification step.
Recap
In conclusion, you now possess the knowledge to change a user password on a Linux system using Ansible. The ansible.builtin.user
module simplifies this task, allowing for seamless automation of user account management.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate