Introduction

In today's episode of Ansible Pilot, I'm Luca Berton, and we'll be delving into the process of changing a user password on a Linux system using Ansible. Specifically, we'll be utilizing the ansible.builtin.user module, an integral part of Ansible's collection of built-in modules.

The Ansible User Module

The ansible.builtin.user module is a stable and well-established component of Ansible, designed to manage user accounts. It boasts compatibility with a wide range of Linux distributions, including RHEL, CentOS, Fedora, Ubuntu, Debian, SUSE, as well as SunOS, macOS, and FreeBSD. For Windows systems, the equivalent module is ansible.windows.win_user.

Parameters

The user module comes with various parameters, but the three key ones for our password-changing task are:

  • name (string): Specifies the username.
  • state (string): Indicates the desired state of the user account (present or absent).
  • password (string): For Linux systems, the password must be provided in encrypted form, while macOS accepts cleartext passwords.

Writing the Ansible Playbook

Let's take a practical approach by crafting an Ansible Playbook that changes the password for a user account on a Linux system.

Ansible Playbook Code: change_password.yml

``yaml

---

  • name: user module Playbook

hosts: all

become: true

vars:

myuser: "example"

mypassword: "password"

tasks:

- name: change password

ansible.builtin.user:

name: "{{ myuser }}"

state: present

password: "{{ mypassword | password_hash('sha512') }}"

`

Executing the Playbook

To execute the playbook, use the following command:

`bash

$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml

`

output

`bash

$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml

PLAY [user module Playbook] *

TASK [Gathering Facts]

ok: [demo.example.com]

TASK [change password]

changed: [demo.example.com]

PLAY RECAP **

demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

`

Verification

You can verify the password change by attempting to SSH into the system with the updated credentials:

`bash

$ sshpass -p 'password' [email protected]

`

Note: Ensure that sshpass is installed on the system for this verification step.

Conclusion

In conclusion, you now possess the knowledge to change a user password on a Linux system using Ansible. The ansible.builtin.user` module simplifies this task, allowing for seamless automation of user account management.