manually login to each servers and setting root password, login to server1, set password “password123” ; then login to server2 set password “redhat123” like this i’m looking for ansible playbook, where i can automate for 100+servers.
Idea looking forward:-
1, Random password needs to be generated.
2, on each server, root user password should be reset by picking up from random password.
Note:- For security reason, we are resetting root password on monthly basis and those password should be generated randomly and reset.
If you’re ok with Ansible generating the password for you then storing it on the machine you ran the playbook from, then the password plugin might help a bit.
Assuming you have an inventory of servers and you’re OK with saving the latest password to “/tmp/root.password.hostname.txt”, I believe something like this will do what you’re looking for:
This will generate a random password of ASCII letters, digits and punctuation, the password will be 60 characters long, and the plain-text of it will be stored in /tmp/root.password.{hostname}.txt for each system.
The “password_hash()” modifier on the “password:” line hashes the password so the “user:” module can use it. It also assumes that the system getting the new password can handle SHA512 passwords. It also uses the “inventory_hostname” to ensure that the hashed password is idempotent between runs. The “1000000|…|string” uses the name of the system being worked on as a random seed and picks a pseudo-random value to use for the password hash.
NOTE: The first time this is run, the /tmp/root.password.{hostname}.txt file is created and used. The next time you run it, since that file exists it will re-use that raw password and not change it. To change the root password of that server, either delete the file and a new random password will be assigned, or create your own password and put it in this file.