I am trying to change password for a non-root Linux user from Ansible playbook. To do so I tried to follow this link
Following the instruction I can successfully change the password of a non-root user by typing the code below in the terminal.
$ echo -e "your_current_pass\nlinuxpassword\nlinuxpassword" | passwd
Changing password for testuser.
(current) UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
After that I am trying to automate the code with an Ansible playbook like below,
---
- hosts: all
gather_facts: no
tasks:
- name: "Check if user exists"
register: user1_exists
raw: getent passwd {{ ansible_user }}
ignore_errors: true
- name: "Change {{ ansible_user }} password"
raw: echo -e "my_current_pass\nmy_new_pass\nmy_new_pass" | passwd
when: user1_exists|success
I am using the raw module of Ansible here as most of my machines don't have Python installed. I do not have superuser (sudo)
permission either to use become: True
in playbook.
Also using password based authentication here to run the Ansible playbook on target machine. Not ssh based authentication.
But while I am executing the playbook I am getting this error,
TASK [change user1 password] ***************************************************
fatal: [192.168.0.57]: FAILED! => {"changed": true, "failed": true, "rc": 10,
"stderr": "Shared connection to 192.168.0.57 closed.\r\n", "stdout": "Changing
password for testuser.\r\n(current) UNIX password: passwd: Authentication
token manipulation error\r\npasswd: password unchanged\r\n", "stdout_lines":
["Changing password for testuser.", "(current) UNIX password: passwd:
Authentication token manipulation error", "passwd: password unchanged"]}
Could anyone show me the mistakes I am making here?
Use the built-in user module instead of a shell command. This requires become: True
in your playbook. Note that the password
parameter of the user module requires an encrypted value. The password_hash
jinja filter will help you there.
- name: change user's password
user:
name: foo
password: "{{ 'passwordsaresecret' | password_hash('sha512') }}"