Ansible Pilot

Change user password - Ansible module user

How to write an Ansible Playbook to assign the password "password" to an "example" user account in a Linux system with SHA512 encryption.

How to change a user password with Ansible?

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot

Ansible change user password

Today we’re talking about the Ansible module user. The full name is ansible.builtin.user, which means that is part of the collection of modules “builtin” with Ansible and shipped with it. It’s a module pretty stable and out for years, it manages user accounts. It supports a huge variety of Linux distributions, SunOS and macOS, and FreeBSD. For Windows, use the ansible.windows.win_user module instead.

Parameters

This module has many parameters to perform any task. The only required is “name”, which is the username. In the parameter “state” we need to specify “present” options, obviously, we can’t change a password of a non-existent account. The most important parameter is “password” which allows you to specify the new password. For macOS target, the password is in cleartext. For the Linux target, the “password” must be encrypted before. We could use the “passhword_hash” filter to generate a password. Please note that you could specify the encryption algorithm as well as the salt to make your password more robust.

demo

Let’s jump in a real-life Ansible Playbook to change a user account password in Linux.

code

---
- name: user module demo
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password: "{{ mypassword | password_hash('sha512') }}"

execution

output

$ ansible-playbook -i demo/inventory change\ user\ password/user.yaml
PLAY [user module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [change password] ****************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

verification


$ sshpass -p 'password' [email protected]

Please note: the sshpass must be installed on the system.

code with ❤️ in GitHub

Recap

Now you know how to change the password of a user account with Ansible. Subscribe to the YouTube channel, Medium, Website and Twitter to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 100+ Automation Examples For Linux and Windows System Administrator and DevOps

Want to keep this project going? Please donate

Trustpilot
Follow me

Subscribe not to miss any new releases

October 7, 2021

FREE Top 10 Best Practices

Top 10 Best Practices of Ansible Automation: save time, reduce errors and stress