Ansible troubleshooting - passwordless account

Explore the Fatal usermod error in Ansible troubleshooting with Luca Berton on Ansible Pilot, featuring practical solutions and Playbooknstrations.

Introduction

Today we're going to talk about Ansible troubleshooting and specifically about the "Fatal usermod: unlocking the user's password would result in a passwordless account." error.

I'm Luca Berton and welcome to today's episode of Ansible Pilot.

Playbook

The best way of talking about Ansible troubleshooting is to jump in a live Playbook to show you practically the usermod: unlocking the user's password would result in a passwordless account. error and how to solve it!

error code

passwordless_error.yml

``yaml


---
name: user module Playbook
  hosts: all
  become: true
  vars:
    myuser: "example"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: false



error verification
Verify no user example in the target system:

`bash


$ ssh [email protected]
Last login: Tue Oct  5 09:35:24 2021 from 192.168.0.100
[devops@demo ~]$ sudo su -
Last login: Tue Oct  5 09:34:55 UTC 2021 on pts/0
[root@demo ~]# getent passwd | grep example
[root@demo ~]# exit
logout
[devops@demo ~]$ exit
logout



error execution
output

`yaml


$ ansible-playbook -i Playbook/inventory troubleshooting/passwordless_error.yml
PLAY [user module Playbook] *
TASK [Gathering Facts] 
ok: [demo.example.com]
TASK [create a disabled user] *
changed: [demo.example.com]
TASK [enable user] 
fatal: [demo.example.com]: FAILED! => {"changed": false, "msg": "usermod: unlocking the user's password would result in a passwordless account.\nYou should set a password with usermod -p to unlock this user's password.\n", "name": "example", "rc": 1}
PLAY RECAP **
demo.example.com           : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=



fix code

passwordless_fix.yml

`yaml


---
name: user module Playbook
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: create a disabled user
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password_lock: true
name: enable user
      ansible.builtin.user:
        name: "{{ myuser }}"
        password: "{{ mypassword | password_hash('sha512') }}"
        state: present
        password_lock: false



fix execution

output

``bash

$ ansible-playbook -i Playbook/inventory troubleshooting/passwordless_fix.yml

PLAY [user module Playbook] *