In my Ansible git repo, I have a var file with contents like this
vault_users:
  alex:
    password: $1$zMcbvpnN$DxP/LRsINODRkBxG0Kz4.1
  danny:
    password: $1$zMcbvpnN$DxP/LRsINODRkBxG0Kz4.1
  gary:
    password: $1$zMcbvpnN$DxP/LRsINODRkBxG0Kz4.1
Now, I want to check if the password hashes from this var file match the ones from the /etc/shadow file on a remote server. I know it is possible to mix Ansible and a bash/python script to get what I want. I would like to know if it is possible to do this using pure Ansible playbooks only (no bash/python scripts) using the lookup plugin or some other Ansible feature.
Write a playbook to change passwords and run it in check mode?
Cheers,
Paul
That’s exactly what I am doing right now using the user module. The problem is if anything other than the password is changed, like the user’s groups on the remote server I am checking against, Ansible output shows changed. And then I have to scroll through hundreds of lines to find out which user’s settings changed. It would be nice if Ansible could tell me which particular user’s password was different.
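One way to do the comparison asked about above with built-in modules only, as an added example that is not part of the original thread. It reads the shadow database with the getent module and lists only the users whose hash differs; the vars file path, the host pattern and the fact name password_mismatch are assumptions.

```yaml
- name: Report users whose shadow hash differs from the vaulted hash
  hosts: all                      # assumed host pattern
  become: true                    # the shadow database is readable by root only
  gather_facts: false
  vars_files:
    - vars/vault_users.yml        # assumed path to the var file shown above
  tasks:
    - name: Load the shadow database into the getent_shadow fact
      ansible.builtin.getent:
        database: shadow
      # getent_shadow[<user>] is a list of the remaining shadow fields;
      # element 0 is the password hash.

    - name: Collect users whose hash differs or who do not exist remotely
      ansible.builtin.set_fact:
        password_mismatch: "{{ password_mismatch | default([]) + [item.key] }}"
      loop: "{{ vault_users | dict2items }}"
      loop_control:
        label: "{{ item.key }}"   # keep the hashes out of the task output
      when: >-
        item.key not in getent_shadow or
        getent_shadow[item.key][0] != item.value.password

    - name: Show only the users that need attention
      ansible.builtin.debug:
        msg: "{{ password_mismatch | default([]) }}"
```

The play changes nothing on the host, so group or shell differences never show up in its output. The getent_shadow fact holds every hash on the host, so avoid running it with fact caching enabled.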