
Watch: Changing User Passwords on Linux Systems with Ansible

Discover how to efficiently change user passwords on Linux systems using Ansible's ansible.builtin.user module. Learn to automate password updates with a practical Playbook example, and ensure secure management of user credentials across your infrastructure.

Introduction

In today's episode of Ansible Pilot, I'm Luca Berton, and we'll be delving into the process of changing a user password on a Linux system using Ansible. Specifically, we'll be utilizing the ansible.builtin.user module, an integral part of Ansible's collection of built-in modules.

The Ansible User Module

The ansible.builtin.user module is a stable and well-established component of Ansible, designed to manage user accounts. It boasts compatibility with a wide range of Linux distributions, including RHEL, CentOS, Fedora, Ubuntu, Debian, SUSE, as well as SunOS, macOS, and FreeBSD. For Windows systems, the equivalent module is ansible.windows.win_user.

Parameters

The user module comes with various parameters, but the three key ones for our password-changing task are:

  • name (string): Specifies the username.
  • state (string): Indicates the desired state of the user account (present or absent).
  • password (string): For Linux systems, the password must be provided in encrypted (hashed) form, while macOS accepts cleartext passwords.

Writing the Ansible Playbook

Let's take a practical approach by crafting an Ansible Playbook that changes the password for a user account on a Linux system.

Ansible Playbook Code: change_password.yml

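```yaml
---
- name: user module Playbook
  hosts: all
  become: true
  vars:
    myuser: "example"
    # Cleartext here only for the demo; it is hashed by the filter below.
    mypassword: "password"
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        # The Linux user module expects a crypt-style hash, not cleartext.
        # Without a fixed salt, password_hash picks a random one, so the
        # task reports "changed" on every run.
        password: "{{ mypassword | password_hash('sha512') }}"
```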
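The playbook above keeps the cleartext password in the file and lets the task result carry the hash. The following variant is an added example, not the original author's code: it prompts for the password, hashes it on the control node and hides the task output. It assumes an interactive run and a control node that can compute sha512_crypt hashes (Passlib or the system crypt library); the variable name `mypassword_hash` is hypothetical.

```yaml
---
# Added example: hardened variant of change_password.yml (not from the original page).
- name: user module Playbook (prompted password, nothing sensitive in the file)
  hosts: all
  become: true
  vars:
    myuser: "example"             # same account name as in the playbook above
  vars_prompt:
    - name: mypassword_hash       # hypothetical variable name
      prompt: "New password for the account"
      private: true               # do not echo what is typed
      confirm: true               # ask twice to catch typos
      encrypt: sha512_crypt       # hash on the control node; the play only sees the hash
      salt_size: 16               # maximum salt length for sha512_crypt
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password: "{{ mypassword_hash }}"
        update_password: always   # set the password even if the account already exists
      no_log: true                # keep the hash out of task output and logs
```

Because the value is hashed once per run with a fresh salt, every managed host receives the same hash for that run, and the task still reports `changed` on each execution.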

Executing the Playbook

To execute the playbook, use the following command:

```bash
$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml
```

Output:

```bash
$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml

PLAY [user module Playbook] *

TASK [Gathering Facts]
ok: [demo.example.com]

TASK [change password]
changed: [demo.example.com]

PLAY RECAP **
demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```

Verification

You can verify the password change by at
