[LINUX] When I tried to change the root password with ansible, I couldn't access it.

If you write a suitable task like the one below, you will not be able to log in to root and I couldn't do anything because I hadn't created another user. .. ..

ansible:2.9.3 Target node OS: CentOS 7.7

root_passwd_change.yml


---
- hosts: test
  become: true
  tasks:
    - name: passwd change
      user:
        name: root
        password: newpassword

When you do this,

[root@ansible test]# ansible-playbook -i host root_passwd_change.yml

PLAY [test] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.1.136]

TASK [passwd change] ***********************************************************
[WARNING]: The input password appears not to have been hashed. The 'password'
argument must be encrypted for this module to work properly.

changed: [192.168.1.136]

PLAY RECAP *********************************************************************
192.168.1.136              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

I get angry at, but it looks like I was able to change it with the description of OK. But in reality If you use the expected password, you will not be able to ssh and you will not be able to log in from the console. Even if you run the playbook again, you will not be able to change it, so you will need to reset the password in rescue mode.

[root@ansible test]# ansible-playbook -i host root_passwd_change.yml

PLAY [test] *********************************************************************

TASK [Gathering Facts] *********************************************************
fatal: [192.168.1.136]: UNREACHABLE! => {"changed": false, "msg": "Invalid/incorrect password: Permission denied, please try again.", "unreachable": true}

PLAY RECAP *********************************************************************
192.168.1.136              : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

Cause

[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

This is because the password is written solidly without being hashed as angry at. You can change it as expected by writing as follows.

root_passwd_change.yml


---
- hosts: test
  become: true
  tasks:
    - name: passwd change
      user:
        name: root
        password:  "{{ 'newpassword' | password_hash('sha512') }}"

I had to write it in hash as described in the document below.

https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-filters

When you do the above,

[root@ansible test]# ansible-playbook -i host root_passwd_change_fixed.yml

PLAY [test] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.1.136]

TASK [passwd change] ***********************************************************
changed: [192.168.1.136]

PLAY RECAP *********************************************************************
192.168.1.136              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

I was able to change it as I expected.

Recommended Posts

When I tried to change the root password with ansible, I couldn't access it.
When I tried to make a VPC with AWS CDK but couldn't make it
I tried to save the data with discord
When I tried to create a virtual environment with Python, it didn't work
I tried to learn the sin function with chainer
I tried to touch the CSV file with Python
[CentOS] When you change or forget the root password
I tried to solve the soma cube with python
I tried to automatically generate a password with Python3
I tried to solve the problem with Python Vol.1
In IPython, when I tried to see the value, it was a generator, so I came up with it when I was frustrated.
When I tried to do socket communication with Raspberry Pi, the protocol was different
What I did when I was angry to put it in with the enable-shared option
I tried to make it easy to change the setting of authenticated Proxy on Jupyter
I tried to find the entropy of the image with python
I tried to simulate how the infection spreads with Python
I tried to analyze the whole novel "Weathering with You" ☔️
I tried to find the average of the sequence with TensorFlow
I tried to notify the train delay information with LINE Notify
When I try to push with heroku, it doesn't work
I tried multiple user management (granting access rights) with ansible
I want to change the Japanese flag to the Palau flag with Numpy
Ubuntu blew up when I tried to change my username
I tried to divide the file into folders with Python
I tried to output the access log to the server using Node.js
I made a server with Python socket and ssl and tried to access it from a browser
I tried to move the ball
I tried to estimate the interval.
I tried to describe the traffic in real time with WebSocket
I tried to solve the ant book beginner's edition with python
I tried to automate the watering of the planter with Raspberry Pi
I tried to process the image in "sketch style" with OpenCV
I tried to get started with Bitcoin Systre on the weekend
I tried to process the image in "pencil style" with OpenCV
I tried to expand the size of the logical volume with LVM
I tried to improve the efficiency of daily work with Python
I tried to expand the database so that it can be used with PES analysis software
A story that didn't work when I tried to log in with the Python requests module
[Python] I tried to visualize the night on the Galactic Railroad with WordCloud!
I tried to refer to the fun rock-paper-scissors poi for beginners with Python
I tried to visualize AutoEncoder with TensorFlow
I tried to recognize the wake word
I tried to get started with Hy
I tried to express sadness and joy with the stable marriage problem.
765 I tried to identify the three professional families by CNN (with Chainer 2.0.0)
I tried to make a calculator with Tkinter so I will write it
I tried to get the authentication code of Qiita API with Python.
I tried to summarize the graphical modeling.
Matching karaoke keys ~ I tried to put it on Laravel ~ <on the way>
I tried to automatically extract the movements of PES players with software
I tried to learn the angle from sin and cos with chainer
I tried to estimate the pi stochastically
I tried to touch the COTOHA API
I tried with the top 100 PyPI packages> I tried to graph the packages installed on Python
I tried to implement CVAE with PyTorch
What I did when I couldn't find the feature point with the optical flow of opencv and when I lost it
I tried playing with the image with Pillow
I tried to analyze the negativeness of Nono Morikubo. [Compare with Posipa]
I tried to streamline the standard role of new employees with Python
I tried to visualize the text of the novel "Weathering with You" with WordCloud
I tried to visualize the model with the low-code machine learning library "PyCaret"