Before we proceed, since Ansible does not allow us to pass a cleartext password through the User module, we’ll need to leverage on a password hashing library in Python.
pip install passlib
Update User Password with Ansible Playbook
Setup your playbook as followed. Let’s call it change-password.yml
.
This playbook aims to update the password for the user admin
across all hosts.
---
- hosts: all
become: yes
tasks:
- name: Change user password
user:
name: admin
update_password: always
password: "{{ newpassword|password_hash('sha512') }}"
To run this playbook, run the command as below. This will input the newpassword variable that will be used by our playbook.
ansible-playbook -i hostfile change-password.yml --extra-vars newpassword=12345678
Update User Password with Ansible from Command Line
Alternatively, if you prefer to run it only one time from command line directly, here’s the command that will do the same thing as the playbook above:
ansible -i hostfile all -m user -a "name=admin update_password=always password={{ newpassword|password_hash('sha512') }}" -b --extra-vars "newpassword=12345678"
Personally, I prefer the playbook approach as I could then commit to Github for future reuse.
Was it helpful?
If you find this article helpful, do give me a little clap on Medium. 😄 It really makes my day to know that I have helped a fellow developer out there. Thanks!