Can't log in root after changing root password by 'user' module

I wrote a playbook to change root password on a host.
I create a password by pwgen, then get hash by mkpasswd and this hash is used as ‘password’ for root
After changing I can’t log in by root, but if I write the same hash in /etc/shadow by myself or change the password by passwd I can log in with no problems
What could be wrong?

Ubuntu 22.04

Hi,

Could you share your playbook as well ? I’d especially like to see how you pass your password hash to user module’s password param.

Hi, here’s the code from bash script

  pwgen -s -r  "OoLlIi0" 20 1 > {$firstname}creds.txt
  mkpasswd --method=yescrypt 'echo "{$firstname}creds.txt"' > passhash
  read passhash <"passhash"
  echo "host ansible_host=$host ansible_user=$usr ansible_sudo_pass=$pass username=$firstname hostname=$hostname passhash=$passhash" > $PWD/ansible/inventory

Ansible task:

- name: Changing root password
      user:
        name: root
        password: "{{ passhash }}"
        update_password: always

I won’t question your bash script as you said the pass hash works if you edit /etc/shadow manually, though there still could be an EOL / EOF issue like a trailing CR or newline (on that note, you should probably use echo -n flag when reading your creds file to remove a potential newline).

I see you defined you var ‘passhash’ in your inventory, but I don’t know for sure you’re either using this inventory file when you call your playbook, or if you target the correct host in your play. So just to be sure, could you run this command and confirm you see your var’s value (also with no trailing \n): ansible -i <yourInventoryFilePath> -m debug -a "var=passhash"