What you'll learn
- Introduction
- The Ansible User Module
- Parameters
- Writing the Ansible Playbook
- Ansible Playbook Code: `change_password.yml`
- Executing the Playbook
- Verification
- Conclusion
- Set User Password
- Generate Password Hash
Introduction
In today's episode of Ansible Pilot, I'm Luca Berton, and we'll be delving into the process of changing a user password on a Linux system using Ansible. Specifically, we'll be utilizing the `ansible.builtin.user` module, an integral part of Ansible's collection of built-in modules.
The Ansible User Module
The `ansible.builtin.user` module is a stable and well-established component of Ansible, designed to manage user accounts. It boasts compatibility with a wide range of Linux distributions, including RHEL, CentOS, Fedora, Ubuntu, Debian, SUSE, as well as SunOS, macOS, and FreeBSD. For Windows systems, the equivalent module is `ansible.windows.win_user`.
Parameters
The `user` module comes with various parameters, but the three key ones for our password-changing task are:
- **name (string):** Specifies the username.
- **state (string):** Indicates the desired state of the user account (present or absent).
- **password (string):** For Linux systems, the password must be provided in hashed form rather than as plaintext, while macOS accepts cleartext passwords.
Writing the Ansible Playbook
Let's take a practical approach by crafting an Ansible Playbook that changes the password for a user account on a Linux system.
Ansible Playbook Code: `change_password.yml`
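```yaml
---
- name: user module Playbook
  hosts: all
  become: true
  vars:
    myuser: "example"
    # Demo value in plaintext; keep real passwords out of the playbook
    mypassword: "password"
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        # The user module expects a hash, so hash the plaintext with SHA-512 crypt
        password: "{{ mypassword | password_hash('sha512') }}"
```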
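A hardened variant of the playbook above, added here as an example and not part of the original article: it prompts for the password instead of storing it in `vars`, passes a per-host salt to `password_hash` so repeated runs produce the same hash, and sets `no_log` on the task. The prompt text and the salt expression are choices made for this example.

```yaml
---
# Added example, not the original playbook.
- name: user module Playbook (hardened variant)
  hosts: all
  become: true
  vars:
    myuser: "example"
  vars_prompt:
    # Asked for at run time, so the plaintext never lives in the playbook or repo.
    - name: mypassword
      prompt: "New password for the account"
      private: true    # do not echo the input
      confirm: true    # ask twice to catch typos
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        # Without a salt argument, password_hash picks a random salt on every
        # run, so the hash differs each time and the task always reports
        # "changed". A salt seeded from the hostname is stable per host, so
        # "changed" appears only when the password itself changes.
        password: "{{ mypassword | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        update_password: always
      no_log: true     # keep the password and its hash out of task output and logs
```

For unattended runs, supply `mypassword` from a vars file encrypted with `ansible-vault` instead of the prompt.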
Executing the Playbook
To execute the playbook, use the following command:
```bash
$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml
```
Output:
```bash
$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml
PLAY [user module Playbook] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [change password] ****************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
Verification
You can verify the password change by attempting to SSH into the system with the updated credentials:
```bash
$ sshpass -p 'password' ssh example@demo.example.com
```
**Note:** Ensure that `sshpass` is installed on the system for this verification step.
Conclusion
In conclusion, you now possess the knowledge to change a user password on a Linux system using Ansible. The `ansible.builtin.user` module simplifies this task, allowing for seamless automation of user account management.
Set User Password
Ansible requires **hashed** passwords (not plaintext):
`