Right now my system consists of 20 machines. When we make user accounts it locks them by default on creation with a default password they must change upon initial login.
Instead of locking the same account on each system individually I would like to be able to use ansible to either execute this ad-hoc or via a playbook.
Anyone else have this type of issue, and how did you solve it?
If I run: sudo passwd -u someusername, it will prompt me for my sudo credentials and then unlock the user. No problem. Now do it 19 more times; got to be a better way.
If I run it ad hoc using ansible like so, I get a response saying only root can do this.
ansible -m shell -a "passwd -u username" "test-server-suite" --ask-become-pass
Is there no way to run that ad hoc from command line or as a playbook using the user module or another module to unlock the same user across my entire architecture?
Again any help is appreciated.
I figured it out, not sure if anyone else does it this way ad hoc but it's a start
ansible test-server-suite -s -m shell -a "passwd -u username" -K
Prompts for my sudo credentials and away it goes. Worked across all 20 machines. Might be messy or can be simplified but I am learning as I go. Hope it helps someone else.
You are missing the -b switch to actually run this command via the
default become method (aka sudo). You only tell it to prompt you for
the sudo password, but do not tell it to actually use sudo...
Johannes
You can put this into a playbook, too.
- hosts: foobar
  become: true
  become_method: sudo
  tasks:
    - name: "Do something"
      command: passwd -u username
Untested.
Also, why not use the user module to set the password?
Johannes
I will give that playbook a try. I didn't want to change the default password we already had provided them on initial account creation, just let them do it when they logged in. It remains locked until they tell me they are ready to login the first time.
For the password feature, yes, when creating new accounts we will make use of that, the uid/guid, and other user module features.
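The two suggestions in this thread (run with become, and use the user module) combined into one playbook, as an added example that is not from any poster: it unlocks an existing account through the user module's password_lock parameter, which leaves the password hash and the forced change at first login untouched. The target_user variable and the file name unlock.yml are assumptions; the group name test-server-suite is taken from the thread.

```yaml
# Added example, not from the thread. target_user is a hypothetical
# variable; "test-server-suite" is the inventory group named in the thread.
- name: Unlock an existing account without changing its password
  hosts: test-server-suite
  become: true          # the piece missing from the first ad-hoc attempt
  become_method: sudo
  gather_facts: false
  vars:
    target_user: username   # placeholder; override with -e target_user=...
  tasks:
    # passwd -S exits non-zero for an unknown user, so the play stops on
    # that host before the user module (state: present by default) could
    # create the account by accident.
    - name: Read password status (2nd field is L/LK, P/PS or NP)
      ansible.builtin.command: passwd -S {{ target_user }}
      register: pw_status
      changed_when: false

    - name: Refuse to continue if the account has no password at all
      ansible.builtin.assert:
        that: pw_status.stdout.split()[1] != 'NP'
        fail_msg: "{{ target_user }} has an empty password; not unlocking"

    # password_lock: false unlocks the password (usermod -U on Linux) and,
    # with no password: argument given, leaves the stored hash as it is.
    - name: Unlock the password only where it is currently locked
      ansible.builtin.user:
        name: "{{ target_user }}"
        password_lock: false
      when: pw_status.stdout.split()[1] in ['L', 'LK']

    - name: Verify the account now reports a usable password
      ansible.builtin.command: passwd -S {{ target_user }}
      register: pw_after
      changed_when: false
      failed_when: pw_after.stdout.split()[1] not in ['P', 'PS']
```

Run it as ansible-playbook unlock.yml -K -e target_user=someusername; -K prompts for the sudo password, and hosts where the account was already unlocked report no change.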