How to Change a User Password with Ansible Welcome to another episode of Ansible Pilot! I'm Luca Berton, and in today's session, we'll explore how to change a user password using Ansible. The Ansible module we'll be focusing on is `ansible.builtin.user`, a stable and well-established module that comes bundled with Ansible. It's designed to manage user accounts on various Linux distributions, SunOS, macOS, and FreeBSD. Understanding the Ansible `user` Module The `ansible.builtin.user` module falls under the "builtin" collection of Ansible modules, indicating its integral nature within the Ansible framework. This module has been around for years and proves reliable in handling user accounts across a wide range of operating systems. For Windows environments, the equivalent module is `ansible.windows.win_user`. Key Parameters The `user` module offers a plethora of parameters to cater to various user management tasks. Here are some key parameters: - `name` (string): Specifies the username. - `state` (string): Indicates whether the user should be present or absent. - `password` (string): For Linux, the password must be encrypted; for macOS, it can be in cleartext. The only mandatory parameter is "name" since it denotes the username. The "state" parameter is crucial and should be set to "present" when changing the password, as it ensures the account exists. The most significant parameter is "password," allowing you to set the new password. For macOS, the password is in cleartext, while for Linux, it must be encrypted. The `password_hash` filter can be used to generate an encrypted password. Optionally, you can specify the encryption algorithm and salt to enhance password security. Live Demo: Changing a User Password in Linux Let's dive into a practical Ansible playbook to Playbooknstrate changing a user account password in a Linux environment. Ansible Playbook Code - `change_password.yml` ```yaml --- - name: user module Playbook hosts: all become: true vars: myuser: "example" mypassword: "password" tasks: - name: change password ansible.builtin.user: name: "{{ myuser }}" state: present password: "{{ mypassword | password_hash('sha512') }}" ``` Playbook Execution Output ```bash $ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml PLAY [user module Playbook] *************************************************************************** TASK [Gathering Facts] **************************************************************************** ok: [demo.example.com] TASK [change password] **************************************************************************** changed: [demo.example.com] PLAY RECAP **************************************************************************************** demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ``` Verification ```bash $ sshpass -p 'password' example@demo.example.com ``