Hi,
I am trying to update the password of the ansible user, which works, but after updating the password the next step failed because authentication failed.
I tried to update ansible_become_password, but maybe it cannot be updated at runtime?
Here are the relevant parts of my playbook:
- name: "Generate an ansible secret for host {{ new_hostname }}"
  ansible.builtin.set_fact:
    new_ansible_password: "{{ lookup('ansible.builtin.password', '/dev/null', length=32) }}"

- name: Insert or Update ansible password inside passwordstore
  ansible.builtin.set_fact:
    pass_storage: "{{ lookup('community.general.passwordstore', 'clients/'+ new_hostname +'/ansible_password', userpass=new_ansible_password, preserve=false, overwrite=true, create=true, timestamp=false) }}"

- name: Set new ansible password on system
  ansible.builtin.user:
    name: ansible
    password: "{{ new_ansible_password | password_hash('sha512', password_salt) }}"
    state: present

- name: Update ansible_become_password to new password
  ansible.builtin.set_fact:
    ansible_become_password: "{{ new_ansible_password }}"

- name: "Force password change for {{ my_user }}"
  ansible.builtin.shell: chage -d 0 "{{ username }}"
  when: adduser.changed

- name: create ssh related user folder
  ansible.builtin.file:
    path: "/home/{{username}}/.ssh/"
    state: directory
Unfortunately this does not work; I get the following output:
TASK [Generate a ansible secret for host deploy-test] **************************************************
ok: [vm_provision]
TASK [Insert or Update ansible password inside passwordstore] ******************************************
ok: [vm_provision]
TASK [Set new ansible password on system] **************************************************************
[DEPRECATION WARNING]: Encryption using the Python crypt module is deprecated. The Python crypt module
is deprecated and will be removed from Python 3.13. Install the passlib library for continued
encryption functionality. This feature will be removed in version 2.17. Deprecation warnings can be
disabled by setting deprecation_warnings=False in ansible.cfg.
changed: [vm_provision]
TASK [Update ansible_become_password to new password] **************************************************
ok: [vm_provision]
TASK [Force password change for HexaOrko] ***************************************************************
skipping: [vm_provision]
TASK [create ssh related user folder] ******************************************************************
fatal: [vm_provision]: FAILED! => {"changed": false, "module_stderr": "Warning: Permanently added '192.168.1.254' (ED25519) to the list of known hosts.\r\nConnection to 192.168.1.254 closed.\r\n", "module_stdout": "\r\r\ndoas: Authentication failed\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}