Introduction

In today’s episode of Ansible Pilot, I’m Luca Berton, and we’ll be delving into the process of changing a user password on a Linux system using Ansible. Specifically, we’ll be utilizing the ansible.builtin.user module, an integral part of Ansible’s collection of built-in modules.

The Ansible User Module

The ansible.builtin.user module is a stable and well-established component of Ansible, designed to manage user accounts. It boasts compatibility with a wide range of Linux distributions, including RHEL, CentOS, Fedora, Ubuntu, Debian, SUSE, as well as SunOS, macOS, and FreeBSD. For Windows systems, the equivalent module is ansible.windows.win_user.

Parameters

The user module comes with various parameters, but the three key ones for our password-changing task are:

  • name (string): Specifies the username.
  • state (string): Indicates the desired state of the user account (present or absent).
  • password (string): For Linux systems, the password must be provided in encrypted form, while macOS accepts cleartext passwords.

Writing the Ansible Playbook

Let’s take a practical approach by crafting an Ansible Playbook that changes the password for a user account on a Linux system.

Ansible Playbook Code: change_password.yml

---
- name: user module Playbook
  hosts: all
  become: true
  vars:
    myuser: "example"
    mypassword: "password"
  tasks:
    - name: change password
      ansible.builtin.user:
        name: "{{ myuser }}"
        state: present
        password: "{{ mypassword | password_hash('sha512') }}"

Executing the Playbook

To execute the playbook, use the following command:

$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml

output

$ ansible-playbook -i Playbook/inventory change\ user\ password/user.yaml
PLAY [user module Playbook] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [change password] ****************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Join 50+ hours of courses in our exclusive community

Verification

You can verify the password change by attempting to SSH into the system with the updated credentials:

$ sshpass -p 'password' [email protected]

Note: Ensure that sshpass is installed on the system for this verification step.

Conclusion

In conclusion, you now possess the knowledge to change a user password on a Linux system using Ansible. The ansible.builtin.user module simplifies this task, allowing for seamless automation of user account management.

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Patreon Buy me a Pizza