Zakir

Predefined password change on multiple hosts at a time using Ansible

Updated: Oct 3, 2021

Password changes are a regular activity and are mandated by several compliance standards such as PCI DSS, GDPR, NIST, etc. Changing multiple users' passwords at a time is a nightmare and a time-consuming task for a system admin. To make IT people's lives easier, I created a playbook to change multiple users' passwords on several hosts at a time.

Follow the below procedure:

Add hosts into inventory file

# vim /etc/ansible/hosts

# Add the lines below at the end of the hosts file


Create playbook file

# cd /etc/ansible/playbooks

Create encrypted password

# echo 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), "$6$YOURSALT"))' | python -

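I will use the encrypted passwords above in the playbook file. The crypt module this command relies on was removed in Python 3.13, so it needs an older interpreter.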

# vim password-change.yaml

- hosts: dbservers
  become: yes
  become_user: root
  become_method: sudo
  remote_user: sys-admin

  # SHA-512 crypt hashes generated with the command above
  vars:
    ora_pass_1037: '$6$YOURSALT$1qZi8D5mykvt9Jxh8BKPur9LZZ1rNjLoZNa966YsmR7f..MzF1X02DhprqKmZhrmm8Bv8ermqdvx3I8lhtYAy'
    ora_pass_1042: '$6$YOURSALT$rFuT5lncRmkHvOb76uXOspJFRXjsRnsXglsXfCew8buMdCjw8IBJ.0rwa.yIQ1CllnPNAfcXz4A7rbFAIMaI/.'

  # One task per host: 'when' selects the host by its inventory name
  tasks:
    - name: Change test user password of
      user:
        name: test
        update_password: always
        password: "{{ ora_pass_1037 }}"
      when: inventory_hostname == ""

    - name: Change test user password of
      user:
        name: test
        update_password: always
        password: "{{ ora_pass_1042 }}"
      when: inventory_hostname == ""

Explanation of playbook file:

hosts: dbservers	

Here dbservers is the group name declared in the inventory file.

become: yes
become_user: root
become_method: sudo

The three lines above make the playbook's tasks run as root.

remote_user: sys-admin 

Here sys-admin is a central user. This could be a local user or an IPA user. If sys-admin is a local user, a sudoers entry is required on each host.

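# visudo
User_Alias ADMINS = sys-admin
# Assumed rule (not shown in the original): an alias grants nothing until a rule uses it
ADMINS ALL=(ALL) ALL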

If the sys-admin user is an IPA user, the above configuration is not required. I will try to write a post showing how an "IPA" user can be used in an Ansible playbook.

Now it's time to run the playbook:

# cd /etc/ansible/playbooks
# ansible-playbook -l dbservers password-change.yaml -k -K -v

If everything is OK, the passwords will be changed successfully.
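A check that can be run over the playbook's password variables before rollout, as an added example that is not part of the original post: it parses each crypt string and reports schemes other than SHA-512 crypt, a salt shared between hashes (as happens when every hash is generated with the same fixed "$6$YOURSALT" argument), and identical hashes. The function name audit_hashes, the extra sample variables and all digests are constructed for illustration.

```python
import re
from collections import defaultdict

# Modular crypt format: $id$[rounds=N$]salt$digest
MCF = re.compile(r"\$(?P<id>[0-9a-z]+)\$(?:rounds=(?P<rounds>\d+)\$)?"
                 r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<digest>[./0-9A-Za-z]+)")
# A YAML line of the form   name: '$...'
VAR = re.compile(r"""^\s*(?P<name>\w+)\s*:\s*['"]?(?P<value>\$[^'"\s]+)""")

# Constructed sample: two names follow the playbook, digests are dummies.
SAMPLE = """
  vars:
    ora_pass_1037: '$6$YOURSALT$AAAAAAAAAAAAAAAAAAAAAA'
    ora_pass_1042: '$6$YOURSALT$BBBBBBBBBBBBBBBBBBBBBB'
    ora_pass_dup: '$6$YOURSALT$AAAAAAAAAAAAAAAAAAAAAA'
    app_pass: '$6$k3Qz8mVx1RtY0pLw$CCCCCCCCCCCCCCCCCCCCCC'
    old_pass: '$1$Ab3dEf9h$DDDDDDDDDDDDDDDDDDDDDD'
"""

def audit_hashes(yaml_text):
    """Return {variable: [findings]} for crypt hashes assigned in yaml_text."""
    parsed = {}
    for line in yaml_text.splitlines():
        var = VAR.match(line)
        mcf = MCF.fullmatch(var["value"]) if var else None
        if mcf:
            parsed[var["name"]] = mcf
    # Group variables by (scheme, salt) and by full hash string
    by_salt, by_hash = defaultdict(list), defaultdict(list)
    for name, mcf in parsed.items():
        by_salt[mcf["id"], mcf["salt"]].append(name)
        by_hash[mcf.group(0)].append(name)
    report = {}
    for name, mcf in parsed.items():
        findings = []
        if mcf["id"] != "6":
            findings.append("scheme $%s$ is not SHA-512 crypt" % mcf["id"])
        if len(by_hash[mcf.group(0)]) > 1:
            # Same salt and same digest means the same cleartext password
            findings.append("identical hash: same password and salt reused")
        elif len(by_salt[mcf["id"], mcf["salt"]]) > 1:
            findings.append("salt %r shared with other hashes" % mcf["salt"])
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_hashes(SAMPLE).items():
        print(name, "->", "; ".join(findings) or "ok")
```

With a shared salt, two accounts that have the same password get the same hash, which is what the "identical hash" finding reports; a random salt per password removes that link.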

That's it.

Hope this will help.
