Reputation: 35
I'm new to Ansible and I'm trying to create some user accounts on remote servers, and I have run into some trouble. I want to create users if they do not exist, and update their password if they are present.
I read the documentation and found the parameter "update_password", but I'm stuck on how to verify their existence.
I am trying to do it like this:
```yaml
- name: Determine local user accounts
  getent:
    database: passwd

- name: Add user
  user:
    name: support
    comment: support account
    password: bonjour
    groups: support,pricing
    append: yes
  with_items: "{{ user }}"
  when: user not in ansible_facts.getent_passwd

- name: Update user password
  user:
    name: support
    password: bonjour
    update_password: always
  with_items: "{{ user }}"
  when: user in ansible_facts.getent_passwd
```
I'm not sure I understand the concept of ansible_facts.
Upvotes: 1
Views: 4324
Reputation: 3056
A key foundation of Ansible is that it is built around idempotency. This means you simply describe the state you want your system to be in, and leave it to Ansible to figure out the details of what needs to be done to make your system match your desired state.
Therefore, you simply need to define the user you want on the system, and Ansible will take care of checking whether they already exist or not, and act accordingly:
```yaml
- name: Manage support user
  user:
    name: support
    comment: support account
    password: <some crypted password string>
    groups: support,pricing
    append: yes
```
This will add the user if they do not already exist, otherwise update the user's parameters to match your specification.
Note: You should not place clear-text passwords in these tasks. Check out this page for details of how to create an encrypted password.
Upvotes: 3
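As an added example (not part of the original question or answer), here is a complete play that applies the answer's single declarative task with a hashed password instead of a clear-text one. The host group `servers`, the vault file `vars/secrets.yml` and the variable `support_password` are assumptions made for illustration.

```yaml
# Added example, not code from the original thread.
# Assumptions: inventory group "servers"; "support_password" is defined in
# vars/secrets.yml, a hypothetical file encrypted with Ansible Vault.
- name: Manage the support account
  hosts: servers
  become: true
  vars_files:
    - vars/secrets.yml   # encrypt with: ansible-vault encrypt vars/secrets.yml
  tasks:
    - name: Ensure the supplementary groups exist
      group:
        name: "{{ item }}"
        state: present
      loop:
        - support
        - pricing

    - name: Create the user if missing, otherwise bring it to the declared state
      user:
        name: support
        comment: support account
        # "password" expects a crypt(3) hash, never the clear-text value.
        # A salt seeded from the hostname keeps the hash stable between runs,
        # so the task reports "changed" only when the password really changes.
        password: "{{ support_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        update_password: always   # module default; on_create sets it only for new users
        groups: support,pricing
        append: true
      no_log: true   # keep the password and its hash out of task output and logs
```

Without the seeded salt, `password_hash` picks a new random salt on every run, so the hash differs each time and the task is reported as changed even when the password is the same.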