Ansible Pilot

Change user password - Ansible module user

How to write an Ansible Playbook to assign the password "password" to an "example" user account in a Linux system with SHA512 encryption.

October 7, 2021
Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

How to change a user password with Ansible?

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot

Ansible change user password

Today we’re talking about the Ansible module user. The full name is ansible.builtin.user, which means that is part of the collection of modules “builtin” with Ansible and shipped with it. It’s a module pretty stable and out for years, it manages user accounts. It supports a huge variety of Linux distributions, SunOS and macOS, and FreeBSD. For Windows, use the ansible.windows.win_user module instead.

Parameters

This module has many parameters to perform any task. The only required is “name”, which is the username. In the parameter “state” we need to specify “present” options, obviously, we can’t change a password of a non-existent account. The most important parameter is “password” which allows you to specify the new password. For macOS target, the password is in cleartext. For the Linux target, the “password” must be encrypted before. We could use the “passhword_hash” filter to generate a password. Please note that you could specify the encryption algorithm as well as the salt to make your password more robust.

The Best Resources For Ansible

Video Course

Books

demo

Let’s jump in a real-life Ansible Playbook to change a user account password in Linux.

code

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password: "{{ mypassword | password_hash('sha512') }}"

execution

output

$ ansible-playbook -i demo/inventory change\ user\ password/user.yaml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [change password] ****************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

verification


$ sshpass -p 'password' [email protected]

Please note: the sshpass must be installed on the system.

code with ❤️ in GitHub

Recap

Now you know how to change the password of a user account with Ansible. Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 200+ Ansible code

Want to keep this project going? Please donate

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons
Trustpilot
Follow me

Subscribe not to miss any new releases

FREE Top 10 Best Practices

Top 10 Best Practices of Ansible Automation: save time, reduce errors and stress