Changing non-ansible user password on remote server

stipemd · October 25, 2024, 1:22pm

There exists a service account srvAdmin on other Linux hosts which I need to log in as that account and change its password. I can’t set up an ansible service account on all those other hosts since they don’t belong to me.

I have the ansible_password variable set in my inventory file. I know thats not best practice but I can’t use my ansible service account SSH key in this case.

This is what the inventory file looks like:

all:
  vars:
    ansible_user: srvAdmin
    ansible_password: password123

My goal is to login in to other servers using these credentials.

I need assistance on the playbook aspect:

- name: Change the srvAdmin password
  hosts: all
  any_errors_fatal: true
  become: false
  vars:
    myuser: "srvAdmin "
    currentPassword: "password123"
    newPassword: "password123abc"

Basically I’m not sure of what module to use to change from currentPassword to newPassword.

I was thinking the ansible.builtin.shell module to issue the passwd command but I’m not sure on how to:

Enter in the value of currentPassword once passwd gets executed.
And similarly enter the newPassword.

Thanks for reading

mcen1 · October 25, 2024, 2:27pm

ansible.builtin.user module – Manage user accounts — Ansible Community Documentation ?

stipemd · October 25, 2024, 2:41pm

well I also have some odd servers with different operating system such as ADE-OS so I thought shell module would help run into less errors where as I don’t know if user module will cause an error or not.

mcen1 · October 25, 2024, 2:58pm

Never heard of that OS. Pick a test system of minimal impact/importance and see if it works.

bcoca · October 25, 2024, 8:44pm

ADE-OS will probably not work with shell either, only with raw, I would look at the cisco collections/modules to see if any support it.

stipemd · October 29, 2024, 5:27pm

I’m trying the user module but is there any way I can do it without needing sudo?

I have become: false set and get the below message on each server when I run the playbook.

ansible FAILED! => {"changed": false, "msg": "usermod: Permission denied.\nusermod: cannot lock /etc/passwd; try again later

If I have become: true and run the playbook, then I get the below message which makes sense.
"msg": "Missing sudo password"

playbook

name: blah
  hosts: all
  any_errors_fatal: true
  become: false

  tasks:
    - name: Change the password for srvAdmin
      ansible.builtin.user:
        name: srvAdmin
        update_password: always
        password: "{{ newPassword|password_hash('sha512') }}"

I pass in the value of newPassword via command line var

Topic		Replies	Views
Changing different passwords for servers in Ansible Get Help	1	161	March 4, 2024
Can't log in root after changing root password by 'user' module Get Help ubuntu	3	631	October 19, 2023
SSH Passwordless Authentication Get Help ansible-core , rhel , ansible	12	830	May 16, 2024
How do you handle password rotation for local users? Get Help ubuntu	2	89	July 10, 2024
Automate IOS device local password change Get Help playbook , network , cisco , ios	0	32	September 20, 2024

Changing non-ansible user password on remote server

Related topics