Change user password - Ansible module user
How to write an Ansible Playbook to assign the password "password" to an "example" user account in a Linux system with SHA512 encryption.
How to change a user password with Ansible?
I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot
Ansible change user password
Today we’re talking about the Ansible module user
.
The full name is ansible.builtin.user, which means that is part of the collection of modules “builtin” with Ansible and shipped with it.
It’s a module pretty stable and out for years, it manages user accounts.
It supports a huge variety of Linux distributions, SunOS and macOS, and FreeBSD.
For Windows, use the ansible.windows.win_user
module instead.
Parameters
- name string - username
- state string - present/absent
- password string - Linux encrypted, macOS cleartext
This module has many parameters to perform any task. The only required is “name”, which is the username. In the parameter “state” we need to specify “present” options, obviously, we can’t change a password of a non-existent account. The most important parameter is “password” which allows you to specify the new password. For macOS target, the password is in cleartext. For the Linux target, the “password” must be encrypted before. We could use the “passhword_hash” filter to generate a password. Please note that you could specify the encryption algorithm as well as the salt to make your password more robust.
demo
Let’s jump in a real-life Ansible Playbook to change a user account password in Linux.
code
- change_password.yml
---
- name: user module demo
hosts: all
become: true
vars:
myuser: "example"
mypassword: "password"
tasks:
- name: change password
ansible.builtin.user:
name: "{{ myuser }}"
state: present
password: "{{ mypassword | password_hash('sha512') }}"
execution
output
$ ansible-playbook -i demo/inventory change\ user\ password/user.yaml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [change password] ****************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
verification
$ sshpass -p 'password' [email protected]
Please note: the sshpass
must be installed on the system.
Recap
Now you know how to change the password of a user account with Ansible. Subscribe to the YouTube channel, Medium, Website and Twitter to not miss the next episode of the Ansible Pilot.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 100+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate