Kevin Bittner

Reputation: 25

Getting error when changing Ansible password

I am building an Ansible playbook to change multiple passwords on our network. And it works! It changes all of the passwords like it is supposed to. However, the last password it changes is the ansible password, which then throws an error because it tries to do the success check using the old Ansible password. Is there a way to tell Ansible to use a different password after changing the password? Below is the entire playbook.

---
# Update local administrator on all Windows systems
- hosts: windows
  gather_facts: yes
  ignore_errors: no
  tasks:
    - name: Set Windows Administrator password
      ansible.windows.win_user:
        name: administrator
        update_password: always
        password: "{{ new_win_admin_pass }}"
    - name: Set ansible password.
      ansible.windows.win_user:
        name: ansible
        update_password: always
        password: "{{ new_ansible_pass }}"

# Update all Linux accounts.
# This must always run last, once ansible password is changed, no further changes can occur.
- hosts: rhel
  become: yes
  gather_facts: yes
  ignore_errors: no
  tasks:
    - name: Set Workstation admin password.
      # "hosts" is not a valid task keyword; restrict by inventory group instead
      # (assumes rhel_workstations is a group in the inventory).
      when: "'rhel_workstations' in group_names"
      ansible.builtin.user:
        name: admin
        update_password: always
        password: "{{ new_admin_pass | password_hash('sha512') }}"
    - name: Set Linux root password.
      ansible.builtin.user:
        name: root
        update_password: always
        password: "{{ new_root_pass | password_hash('sha512') }}"
    - name: Set ansible password.
      ansible.builtin.user:
        name: ansible
        update_password: always
        password: "{{ new_ansible_pw_var | password_hash('sha512') }}"

Upvotes: 1

Views: 815

Answers (1)

Zeitounator

Reputation: 44605

I'd try to do this with an async task and check back on the result with the new password:

- hosts: rhel
  become: yes

  tasks:
    # Start the change in the background and return immediately (poll: 0)
    - name: Set ansible password.
      ansible.builtin.user:
        name: ansible
        update_password: always
        password: "{{ new_ansible_pw_var | password_hash('sha512') }}"
      async: 15
      poll: 0
      register: change_ansible_password

    # Connect with the new password to read the job result
    - name: Check ansible password change was successful
      vars:
        ansible_password: "{{ new_ansible_pw_var }}"
      async_status:
        jid: "{{ change_ansible_password.ansible_job_id }}"
      register: job_result
      until: job_result.finished
      retries: 15
      delay: 1

    - name: polite guests always clean after themselves when necessary (see doc)
      vars:
        ansible_password: "{{ new_ansible_pw_var }}"
      async_status:
        jid: "{{ change_ansible_password.ansible_job_id }}"
        mode: cleanup

Upvotes: 3
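
Building on the answer above, an added example (not the answerer's code) that also switches the host's connection variables to the new password so later tasks keep working, and marks the password tasks `no_log`. It assumes password-based SSH and that sudo for the ansible account asks for the same password; the 30-second timeout is an arbitrary choice.

```yaml
# Added example, not from the answer above. Assumptions: password-based SSH,
# and sudo for the ansible account prompts for that same password.
- hosts: rhel
  become: yes
  gather_facts: no
  tasks:
    - name: Change the ansible account password in the background
      ansible.builtin.user:
        name: ansible
        update_password: always
        password: "{{ new_ansible_pw_var | password_hash('sha512') }}"
      async: 15
      poll: 0
      register: change_ansible_password
      no_log: true  # keep the hash out of console output and logs

    - name: Use the new credentials for every later task on this host
      ansible.builtin.set_fact:
        ansible_password: "{{ new_ansible_pw_var }}"
        ansible_become_password: "{{ new_ansible_pw_var }}"
      no_log: true

    - name: Drop the session opened with the old password
      ansible.builtin.meta: reset_connection

    - name: Wait until a login with the new password succeeds
      ansible.builtin.wait_for_connection:
        timeout: 30

    - name: Confirm the background job finished without error
      ansible.builtin.async_status:
        jid: "{{ change_ansible_password.ansible_job_id }}"
      register: job_result
      until: job_result.finished
      retries: 15
      delay: 1

    - name: Remove the async job file
      ansible.builtin.async_status:
        jid: "{{ change_ansible_password.ansible_job_id }}"
        mode: cleanup
```

`set_fact` cannot override a password supplied with `-e`, because extra vars always take precedence; in that case keep the per-task `vars:` form from the answer.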
