top of page
Recent Posts
  • Writer's pictureZakir

Predefined password change on multiple host at a time using Ansible

Updated: Oct 3, 2021

Password change is a regular activities as well as its mandatory by several compliance such as PCI DSS, GDPR, NIST etc. To change of multiple users password at a time Its nightmare also time consuming task for system admin. To make IT people life easier i create a playbook to change multiple users password on several hosts at a time.


Follow the below procedure:


Add hosts into inventory file

# vim /etc/ansible/hosts

# Add below lines at the end of the hosts files

[dbservers]
192.168.10.37
192.168.10.42
:wq

Create playbook file

# cd /etc/ansible/playbooks


Create encrypted password

# echo 'import crypt,getpass; print crypt.crypt(getpass.getpass(), "$6$YOURSALT")' | python -

I will use above encrypted password into playbook file.


# vim password-change.yaml

- hosts: dbservers
  become: yes
  become_user: root
  become_method: sudo
  remote_user: sys-admin

  vars:
  ora_pass_1037: '$6$YOURSALT$1qZi8D5mykvt9Jxh8BKPur9LZZ1rNjLoZNa966YsmR7f..MzF1X02DhprqKmZhrmm8Bv8ermqdvx3I8lhtYAy'  
  ora_pass_1042: '$6$YOURSALT$rFuT5lncRmkHvOb76uXOspJFRXjsRnsXglsXfCew8buMdCjw8IBJ.0rwa.yIQ1CllnPNAfcXz4A7rbFAIMaI/.'

  tasks:
    - name: Change test user password of 192.168.10.37
      action: user name=test update_password=always password="{{ora_pass_1037}}"
      when: inventory_hostname == "192.168.10.37"

    - name: Change test user password of 192.168.10.42
      action: user name=test update_password=always password="{{ora_pass_1042}}"
      when: inventory_hostname == "192.168.10.42"

Explanation of playbook file:

hosts: dbservers	

Here dbservers is the group name that declare into inventory file.

become: yes
become_user: root
become_method: sudo

Above 3 line will execute the playbook as a root.

remote_user: sys-admin 

Here sys-admin is a central user. This could be local user or IPA user. If sys-admin users is the local then sudoers entry must required for each host.

# visudo
User_Alias ADMINS = sys-admin
ADMINS  ALL=(ALL)       ALL

If the sys-admin user is an IPA user then above configuration is not required. I will try to give a post where I will show how the "IPA" user can be used in the ansible playbook.


Now its time to run the playbook:

# cd /etc/ansible/playbooks
# ansible-playbook -l dbservers password-change.yaml -k -K -v

If everything is ok then password will be change successfully.


That's it.

Hope this will help.



323 views0 comments

Recent Posts

See All

How to install tomcat web server in a portable way?

Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and WebSocket technologies. Tomcat provides a "pure Java" HTTP web server environment in

Comments


Log In to Connect With Members
View and follow other members, leave comments & more.
bottom of page