Ok the scenario is I want to reset a users password on a system, but only if the user already exists. I cant find anyway to do this with existing modules, so I have reverted to a playbook. I’m not sure if my approach is fundamentally wrong but i can’t get it to work at the moment.

I use this sample dictionary. The accounts dont exist on the remote test system, so the idea is the adduser task doesn’t trigger. However if it did it would giving me the desired password reset.

cat .userlist.yml

grps:
crabtree: {}
crabtree2: {}
ut: {}
uts: {}
utsb: {}
users:
crabtree:
comment: ‘’
group: crabtree
groups: crabtree,ut,uts,utsb
name: crabtree
password: $6$XaPMGsKF$1PThCIJDfpCbnWn/AB1uCox06k9ircsFJ8LFrCl1510E3toGJNmCye88PoEKLpxTrnpibKiGHsh0ff11apUWJ/
crabtree2:
comment: ‘’
group: crabtree2
groups: crabtree2,ut,uts,utsb
name: crabtree2
password: $6$2CMAcCiX$v2sFL5VKJ/HTVoRsGPpOju1/gJXQxjiC55CLVcngspUyLs3X2hWpdIF1igMrBECDo9OdU.vnvtNdG/MJzD1tH0

The following doesnt work as the variable structure doesnt really help

cat //usr/local/scripts/ansible/playbooks/reset_password2.yml

It might be easier to just run:

- getent: database=passwd

and then make the users conditional on:

- user: name=item.value.name state=present ...
   when: item.value.name in getent_passwd

Finally got a chance to look at this again. Thanks for the pointer Brian you were spot on, and as a result its all far cleaner now.