ansible user module change passwd


hzj...@foxmail.com

Sep 30, 2016, 5:06:42 AM
to ansible-project
Hello all,

I want to use the Ansible user module to change a password on the remote hosts, but if the user is not on the remote hosts, Ansible will create the user. How can I change the password only? If the user does not exist, returning an error is OK.

JayB

Sep 30, 2016, 5:18:18 AM
to Ansible Project, hzj...@foxmail.com
Please try the below. It works.

---
- hosts: localhost
  remote_user: root
  become: yes
  gather_facts: yes
  vars:
    user_name: youruser

  vars_prompt:
    - name: "new_password"
      prompt: "Enter New Password"
      private: yes
      encrypt: "md5_crypt"
      confirm: yes
      salt_size: 7

  tasks:
    - name: Change password of existing user
      user: name={{user_name}} update_password=always password={{new_password}}

hzj...@foxmail.com

Sep 30, 2016, 5:48:33 AM
to JayB, ansible-project
I tried; the playbook still creates the user if the user does not exist on the remote hosts.


JayB

Sep 30, 2016, 6:31:20 AM
to Ansible Project, jayas...@gmail.com, hzj...@foxmail.com
It worked for me. It throws error if user doesn't exist.

Kai Stian Olstad

Sep 30, 2016, 7:53:58 AM
to ansible...@googlegroups.com
On 30.09.2016 11:50, hzj...@foxmail.com wrote:
> i tried, the playbook still creates the user if user not exists on
> the remote hosts ;

You'll need to add a test to check if the user exists and use a when on
the update password task.


> ---
> - hosts: localhost
>   remote_user: root
>   become: yes
>   gather_facts: yes
>   vars:
>     user_name: youruser
>
>   vars_prompt:
>     - name: "new_password"
>       prompt: "Enter New Password"
>       private: yes
>       encrypt: "md5_crypt"
>       confirm: yes
>       salt_size: 7
>
>   tasks:
>     - name: Change password of existing user
>       user: name={{user_name}} update_password=always password={{new_password}}
>

  tasks:
    - name: Get information about the user
      getent:
        key={{user_name}}
        database=passwd
        fail_key=false

    - name: Change password of existing user
      user:
        name={{user_name}}
        update_password=always
        password={{new_password}}
      when: getent_passwd[user_name] != None


--
Kai Stian Olstad

hzj...@foxmail.com

Sep 30, 2016, 10:23:03 PM
to ansible-project

Thanks for your advice. I have AIX and Linux; I wrote the playbook based on your reply. It works, but I think it's too long. Is there a better way to rewrite this?

---
- name: test
  hosts: all
  gather_facts: true

  tasks:
   - name: Get information about the user for linux
     getent:
       key=foo
       database=passwd
       fail_key=false
     register: user_info_linux
     when: ansible_system == 'Linux'
   - debug: var=user_info_linux

   - name: Get information about the user for aix
     command: "lsuser foo"
     ignore_errors: yes
     register: user_info_aix
     when: ansible_system == 'AIX'
   - debug: var=user_info_aix

   - name: change pwd for linux
     command: uname -a
     when: ansible_system == 'Linux' and user_info_linux.ansible_facts.getent_passwd.foo != None

   - name: change pwd for aix
     command: uname -a
     when: ansible_system == 'AIX' and user_info_aix.stdout != ""




--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Kai Stian Olstad

Oct 1, 2016, 5:00:57 AM
to ansible...@googlegroups.com
On 01. okt. 2016 04:24, hzj...@foxmail.com wrote:
>
> thanks for ur advice, i have aix and linux, i wrote the playbook based on ur reply, it works , but i think it's too long, is there a better way to rewrite this ?

In my opinion it's not long; you could put the code in its own file and
use include if you would like the playbook to have less code.
The other option is to use grep/egrep on /etc/passwd, then you can use
the same code on AIX and Linux. I think AIX has egrep.

  tasks:
    - name: get user
      shell: egrep "^{{ user }}:" /etc/passwd
      register: user_info

    - name: Change passwd
      command: <whatever to change password>
      when: user_info.rc == 0

--
Kai Stian Olstad

hzj...@foxmail.com

Oct 2, 2016, 8:50:23 PM
to ansible-project
thanks, my final playbook comes to this,  works pretty well, problem solved!

---
- hosts: all
  gather_facts: false
  vars:
    usernames: "{{ user_name_lists }}"
  tasks:
   - name: GetUserInfo
     shell: egrep "^{{ item }}:" /etc/passwd
     ignore_errors: yes
     with_items:
          - "{{ usernames }}"
     register: user_info

   - name: ChangeUserPassword
     user: name="{{ item.item }}" password="{{ new_password }}" update_password=always
     when: item.rc == 0
     with_items: "{{ user_info.results }}"


 
Date: 2016-10-01 17:00
Subject: Re: [ansible-project] Re: Re: ansible user module change passwd
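
A variant of the final playbook above, as an added example that is not part of the thread: the lookup runs through `command` with `argv` (Ansible 2.6 and later) instead of a shell and compares the first field of /etc/passwd exactly, so a name containing regex or shell metacharacters cannot match a different account or alter the command, and `no_log` keeps the hash out of task output. The account names are constructed samples, and `new_password` is assumed to already hold a hash in a format the target platform accepts, as in the thread.

```yaml
---
# Added example, not from the thread. `usernames` and `new_password` follow the
# thread's final playbook; the account names below are constructed samples.
- hosts: all
  become: yes
  gather_facts: false
  vars:
    usernames: [alice, bob]
  tasks:
    - name: Look up each account without a shell (read-only)
      command:
        argv:
          - awk
          - -F:
          - -v
          - "u={{ item }}"
          - '$1 == u { found = 1 } END { exit !found }'
          - /etc/passwd
      loop: "{{ usernames }}"
      register: user_check
      changed_when: false                        # a lookup never changes the host
      failed_when: user_check.rc not in [0, 1]   # 1 only means "no such account"

    - name: Change the password only where the account already exists
      user:
        name: "{{ item.item }}"
        password: "{{ new_password }}"   # assumed to be a hash, never plain text
        update_password: always
      when: item.rc == 0
      loop: "{{ user_check.results }}"
      no_log: true                       # keeps the hash out of output and logs

    - name: Report accounts that were skipped because they do not exist
      fail:
        msg: "not present in /etc/passwd: {{ missing | join(', ') }}"
      vars:
        missing: "{{ user_check.results | rejectattr('rc', 'equalto', 0) | map(attribute='item') | list }}"
      when: missing | length > 0
```

Existing accounts are updated first, and the host is then marked failed if any requested name was missing, so nothing is created silently.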