stipemd
(beebuzz)
October 25, 2024, 1:22pm
1
There exists a service account `srvAdmin` on other Linux hosts which I need to log in as that account and change its password. I can’t set up an ansible service account on all those other hosts since they don’t belong to me.
I have the `ansible_password` variable set in my inventory file. I know that’s not best practice but I can’t use my ansible service account SSH key in this case.
This is what the inventory file looks like:
```yaml
all:
  vars:
    ansible_user: srvAdmin
    ansible_password: password123
```
My goal is to log in to other servers using these credentials.
I need assistance on the playbook aspect:
```yaml
- name: Change the srvAdmin password
  hosts: all
  any_errors_fatal: true
  become: false
  vars:
    myuser: "srvAdmin"
    currentPassword: "password123"
    newPassword: "password123abc"
```
Basically I’m not sure of what module to use to change from `currentPassword` to `newPassword`.
I was thinking the `ansible.builtin.shell` module to issue the `passwd` command but I’m not sure on how to:
- Enter in the value of `currentPassword` once `passwd` gets executed.
- And similarly enter the `newPassword`.
Thanks for reading
mcen1
(mcen1)
October 25, 2024, 2:27pm
2
2 Likes
stipemd
(beebuzz)
October 25, 2024, 2:41pm
3
Well, I also have some odd servers with different operating systems such as ADE-OS, so I thought the shell module would help me run into fewer errors, whereas I don’t know if the user module will cause an error or not.
mcen1
(mcen1)
October 25, 2024, 2:58pm
4
Never heard of that OS. Pick a test system of minimal impact/importance and see if it works.
1 Like
bcoca
(Brian Coca)
October 25, 2024, 8:44pm
5
ADE-OS will probably not work with `shell` either, only with `raw`, I would look at the cisco collections/modules to see if any support it.
2 Likes
stipemd
(beebuzz)
October 29, 2024, 5:27pm
6
I’m trying the user module but is there any way I can do it without needing sudo?
I have `become: false` set and get the below message on each server when I run the playbook.
```
ansible FAILED! => {"changed": false, "msg": "usermod: Permission denied.\nusermod: cannot lock /etc/passwd; try again later
```
If I have `become: true` and run the playbook, then I get the below message which makes sense.
```
"msg": "Missing sudo password"
```
playbook
```yaml
- name: blah
  hosts: all
  any_errors_fatal: true
  become: false
  tasks:
    - name: Change the password for srvAdmin
      ansible.builtin.user:
        name: srvAdmin
        update_password: always
        password: "{{ newPassword|password_hash('sha512') }}"
```
I pass in the value of newPassword via command line var
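For the no-sudo case raised in this thread, one option on Linux hosts is `ansible.builtin.expect`, which runs `passwd` as the login user and answers its prompts. This is an added example, not code from any poster in the thread; it assumes Python and pexpect on the targets, `passwd` prompts containing "current"/"new" plus "password", and the hypothetical variable names `current_password` and `new_password`.

```yaml
# Added example, not from the thread. Assumes Linux targets with Python and
# pexpect installed, and passwd prompts containing "current"/"new" + "password".
- name: Change the login user's own password without become
  hosts: all
  become: false
  gather_facts: false
  any_errors_fatal: true
  vars_prompt:
    # Prompting keeps secrets out of the inventory, shell history and `ps`.
    - name: current_password      # hypothetical variable name
      prompt: Current password for srvAdmin
      private: true
    - name: new_password          # hypothetical variable name
      prompt: New password for srvAdmin
      private: true
      confirm: true
  vars:
    ansible_user: srvAdmin
    ansible_password: "{{ current_password }}"
  tasks:
    - name: Run passwd as srvAdmin and answer its prompts
      ansible.builtin.expect:
        command: passwd
        timeout: 30
        responses:
          # Keys are regexes matched against passwd's output.
          '(?i)current.*password': "{{ current_password }}"
          # A single string is re-sent for "New password" and "Retype new password".
          '(?i)new.*password': "{{ new_password }}"
      no_log: true                # keep both passwords out of task output and logs

    - name: Switch this run to the new credential
      ansible.builtin.set_fact:
        ansible_password: "{{ new_password }}"
      no_log: true

    - name: Drop the existing SSH connection
      ansible.builtin.meta: reset_connection

    - name: Confirm a fresh login works with the new password
      ansible.builtin.ping:
```

`ansible.builtin.user` calls `usermod`, which needs root, while `passwd` is setuid and lets a user change their own password, which is why this runs with `become: false`.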