Menu
On Ubuntu 14.04 I creating user with disabled password like:
sudo adduser --disabled-password myuser
I need to do same with Ansible user module
--disabled-password
Similiar option in Ansible documentation is missing. Could somebody help me, how can I get the same result with user module?
913
If the remote user needs to provide a password in order to run sudo commands, you can include the option --ask-become-pass to your Ansible command. This will prompt you to provide the remote user sudo password: ansible all -m ping --ask-become-pass.
Creating encrypted variables To create a basic encrypted variable, pass three options to the ansible-vault encrypt_string command: a source for the vault password (prompt, file, or script, with or without a vault ID) the string to encrypt. the string name (the name of the variable)
First, log in to the Ansible controller host, 2. Run the following commands to create the ~/ansible_create_user directory and change to that directory. This directory will contain the playbook and all the required configuration files that you'll use to invoke the Ansible create user module.
To specify a password for sudo, run ansible-playbook with --ask-become-pass ( -K for short). If you run a playbook utilizing become and the playbook seems to hang, most likely it is stuck at the privilege escalation prompt. Stop it with CTRL-c , then execute the playbook with -K and the appropriate password.
user module use useradd command under the hood.
If you omit password parameter for user module, ansible calls useradd without -p flag.
Man page of useradd states:
-p, --password PASSWORD
The encrypted password, as returned by crypt(3). The default is to disable the password.
This is exactly what is needed by OP.
Comparison of adduser --disabled-password test1 and - user: name=test2 state=present:
# grep test /etc/shadow
test1:*:17031:0:99999:7:::
test2:!:17031:0:99999:7:::
# passwd -S test1
test1 L 08/18/2016 0 99999 7 -1
# passwd -S test2
test2 L 08/18/2016 0 99999 7 -1
As you see in both cases passwords are locked.
91
Since Ansible 2.6 the user module has the option password_lock, which will run usermod -L (Linux), pw lock (FreeBSD), or usermod -C (?):
usermod -L:
Lock a user's password. This puts a '!' in front of the encrypted password, effectively disabling the password.
pw lock:
The pw utility supports a simple password locking mechanism for users; it works by prepending the string
*LOCKED*to the beginning of the password field in master.passwd to prevent successful authentication.
So you could use:
- name: Create password locked user
user:
name: myuser
state: present
password_lock: yes
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
