Unlock and Lock users across multiple machines


Alan Harkleroad

Jun 1, 2016, 2:01:42 PM
to Ansible Project
Right now my system consists of 20 machines. When we make user accounts it locks them by default on creation with a default password they must change upon initial login.

Instead of locking the same account on each system individually I would like to be able to use ansible to either execute this ad-hoc or via a playbook.

Anyone else have this type of issue, and how did you solve it?

1. If I run: sudo passwd -u someusername It will prompt me for my sudo credentials and then unlock the user. No problem. Now do it 19 more times, got to be a better way.

2. If I run it ad hoc using ansible like so, I get a response saying only root can do this.

ansible -m shell -a "passwd -u username" "test-server-suite" --ask-become-pass

Is there no way to run that ad hoc from command line or as a playbook using the user module or another module to unlock the same user across my entire architecture?

Again any help is appreciated.

Alan Harkleroad

Jun 1, 2016, 2:17:31 PM
to Ansible Project
I figured it out, not sure if anyone else does it this way ad hoc, but it's a start.

ansible test-server-suite -s -m shell -a "passwd -u username" -K

Prompts for my sudo credentials and away it goes. Worked across all 20 machines. Might be messy or can be simplified but I am learning as I go. Hope it helps someone else.

Johannes Kastl

Jun 1, 2016, 2:18:17 PM
to ansible...@googlegroups.com
On 01.06.16 20:01 Alan Harkleroad wrote:
> 2. If I run it ad hoc using ansible like so I get a response saying only
> root can do this.
>
> ansible -m shell -a "passwd -u username" "test-server-suite"
> --ask-become-pass
>
> Is there no way to run that ad hoc from command line or as a playbook using
> the user module or another module to unlock the same user across my entire
> architecture?

You are missing the -b switch to actually run this command via the
default become method (aka sudo). You only tell it to prompt you for
the sudo password, but do not tell it to actually use sudo...

Johannes


Johannes Kastl

Jun 1, 2016, 2:20:24 PM
to ansible...@googlegroups.com
On 01.06.16 20:17 Alan Harkleroad wrote:

> ansible test-server-suite -s -m shell -a "passwd -u username" -K

You can put this into a playbook, too.

- hosts: foobar
  become: true
  become_method: sudo

  tasks:
    - name: "Do something"
      command: passwd -u username
Untested.

Also, why not use the user module to set the password?

Johannes
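
An idempotent form of the lock/unlock playbook discussed in this thread, as an added example that is not part of any poster's message. The variable names `target_user` and `lock` and the file name `account-lock.yml` are hypothetical, and the check on the second field of `passwd -S` (`L` or `LK`) assumes the shadow-utils status output format.

```yaml
---
# Added example, not from the thread. Run with:
#   ansible-playbook account-lock.yml -K -e target_user=username -e lock=false
- hosts: test-server-suite
  become: true              # what -b (or the older -s) does on the ad-hoc command line
  become_method: sudo
  gather_facts: false
  vars:
    lock: false             # hypothetical variable: true locks, false unlocks
  tasks:
    - name: Refuse to run without a plausible account name
      assert:
        that:
          - target_user is defined
          - target_user is match('^[a-z_][a-z0-9_-]*$')

    # The command module does not pass its arguments through a shell,
    # so the account name is never interpreted as shell syntax.
    - name: Read the current lock state (changes nothing)
      command: "passwd -S {{ target_user }}"
      register: pw_status
      changed_when: false

    - name: Unlock the account only where it is locked
      command: "passwd -u {{ target_user }}"
      when:
        - not (lock | bool)
        - pw_status.stdout.split()[1] in ['L', 'LK']

    - name: Lock the account only where it is not already locked
      command: "passwd -l {{ target_user }}"
      when:
        - lock | bool
        - pw_status.stdout.split()[1] not in ['L', 'LK']
```

Because each change is gated on the state read from `passwd -S`, the play recap reports `changed` only for hosts where the lock state was actually altered, which gives a per-host record of the action.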

Alan Harkleroad

Jun 1, 2016, 2:24:06 PM
to Ansible Project
I will give that playbook a try. I didn't want to change the default password we already had provided them on initial account creation, just let them do it when they logged in. It remains locked until they tell me they are ready to log in the first time.

Alan Harkleroad

Jun 1, 2016, 2:34:38 PM
to Ansible Project
For the password feature, yes, when creating new accounts we will make use of that, the uid/guid, and other user module features.

