Changing non-ansible user password on remote server

There exists a service account srvAdmin on other Linux hosts, and I need to log in as that account and change its password. I can’t set up an ansible service account on all those other hosts since they don’t belong to me.

I have the ansible_password variable set in my inventory file. I know that’s not best practice but I can’t use my ansible service account SSH key in this case.

This is what the inventory file looks like:

all:
  vars:
    ansible_user: srvAdmin
    ansible_password: password123

My goal is to log in to other servers using these credentials.

I need assistance on the playbook aspect:

- name: Change the srvAdmin password
  hosts: all
  any_errors_fatal: true
  become: false
  vars:
    myuser: "srvAdmin"
    currentPassword: "password123"
    newPassword: "password123abc"

Basically I’m not sure of what module to use to change from currentPassword to newPassword.

I was thinking the ansible.builtin.shell module to issue the passwd command but I’m not sure on how to:

  1. Enter in the value of currentPassword once passwd gets executed.
  2. And similarly enter the newPassword.

Thanks for reading

ansible.builtin.user module – Manage user accounts — Ansible Community Documentation ?

2 Likes

Well, I also have some odd servers with different operating systems such as ADE-OS, so I thought the shell module would help run into fewer errors, whereas I don’t know if the user module will cause an error or not.

Never heard of that OS. Pick a test system of minimal impact/importance and see if it works.

1 Like

ADE-OS will probably not work with shell either, only with raw. I would look at the Cisco collections/modules to see if any support it.

2 Likes

I’m trying the user module but is there any way I can do it without needing sudo?

I have become: false set and get the below message on each server when I run the playbook.

ansible FAILED! => {"changed": false, "msg": "usermod: Permission denied.\nusermod: cannot lock /etc/passwd; try again later

If I have become: true and run the playbook, then I get the below message which makes sense.
"msg": "Missing sudo password"

playbook

- name: blah
  hosts: all
  any_errors_fatal: true
  become: false

  tasks:
    - name: Change the password for srvAdmin
      ansible.builtin.user:
        name: srvAdmin
        update_password: always
        password: "{{ newPassword|password_hash('sha512') }}"

I pass in the value of newPassword via command line var
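
For the Linux hosts, the approach asked about in the first post (running passwd as srvAdmin and answering its prompts, with no sudo) can be written with ansible.builtin.expect. This is an added example, not a reply from the thread; it assumes pexpect is installed on the managed hosts and that passwd's prompt wording matches the regexes shown.

```yaml
- name: Change the srvAdmin password as srvAdmin itself (no sudo)
  hosts: all
  any_errors_fatal: true
  become: false

  vars_prompt:
    # Prompting keeps the new password out of shell history and the
    # process list, unlike passing it as a command line var.
    - name: newPassword
      prompt: New password for srvAdmin
      private: true
      confirm: true

  tasks:
    - name: Run passwd and answer its prompts
      ansible.builtin.expect:
        command: passwd
        timeout: 15
        responses:
          # Prompt wording is an assumption; it differs between
          # distributions ("Current password:", "(current) UNIX password:").
          '(?i)current.*password': "{{ ansible_password }}"
          # Matches both "New password:" and "Retype new password:".
          '(?i)new.*password': "{{ newPassword }}"
      no_log: true  # keep both passwords out of task output and logs
```

passwd exits non-zero when the current password is wrong or the new one is rejected by the host's password policy, so the task fails on those hosts. After a successful run, ansible_password in the inventory has to be updated before the next connection.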