I have a home lab with several servers and VMs. I want to use Ansible to update the root password on all these machines. I need the playbook to ask for three passwords. User login, sudo login, and new root password. The playbook will then update the root password with the new root password. My current playbook will ask for the first two and hardcodes the root password. I cannot figure out how to ask for the third password and then update the root password with it. Can someone help me with the needed changes?
Yes, I know all about the security issues with this script. In this case, I cannot use SSH keys for this solution.
Here is my playbook changepasswd.yml
---
- hosts: rootpass
  become: yes
  become_user: root
  gather_facts: False
  tasks:
    - name: Change root password
      user:
        name: root
        password: "{{ 'PaSsWoRd1' | password_hash('sha512') }}"
The Ansible command line I use is as follows.
ansible-playbook ./change-root-pass.yml -k -K -v
I also use a local host file with the server hostnames.
[rootpass]
server1
server2
server3
Add a vars_prompt section in your playbook and you're all set. Note that the variable can be hashed on the fly and that you can ask the user to confirm, as demonstrated below. Since passwords can often contain special characters, it is also good practice to declare that variable unsafe. Check the documentation for more information.
- name: Change root password for all lab machines
  hosts: rootpass
  become: true
  gather_facts: false
  vars_prompt:
    - name: new_root_password_encrypted
      prompt: Please enter the new root password
      private: true
      encrypt: sha512_crypt
      confirm: true
      unsafe: true
  tasks:
    - name: Change root password
      user:
        name: root
        password: "{{ new_root_password_encrypted }}"
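
A post-run check, added here as an example and not part of the answer above: it classifies the password field of a shadow(5) line so you can confirm that root ended up with a SHA-512 crypt hash (`$6$...`) rather than an unhashed string, an empty field, or a locked account. The function names and the sample lines are constructed for illustration; on a real host the input would be the output of `getent shadow root` run as root.

```python
import re

# Modular crypt format for SHA-512 crypt: $6$[rounds=N$]salt$digest
SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$"
)
# Prefixes of other crypt schemes, used only to name what was found.
OTHER_SCHEMES = {"$1$": "md5_crypt", "$5$": "sha256_crypt", "$2a$": "bcrypt",
                 "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}


def classify_shadow_line(line):
    """Return (user, status) for one shadow(5)-format line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry: %r" % line)
    user, pw = fields[0], fields[1]
    if pw == "":
        return user, "empty"          # no password required at all
    if pw[0] in "!*":
        return user, "locked"         # password login disabled
    if SHA512_CRYPT.match(pw):
        return user, "sha512_crypt"   # what encrypt: sha512_crypt should yield
    for prefix, name in OTHER_SCHEMES.items():
        if pw.startswith(prefix):
            return user, name
    # Typical cause: a plaintext value handed to the user module unhashed.
    return user, "unrecognized"


def audit(lines, user="root"):
    """Status of `user` in the given shadow lines, or 'missing'."""
    for line in lines:
        if line.split(":", 1)[0] == user:
            return classify_shadow_line(line)[1]
    return "missing"


# Constructed sample input (placeholder salt and digest, not real hashes).
SAMPLE = [
    "root:$6$rounds=656000$ConstructedSalt1$" + "A" * 86 + ":19800:0:99999:7:::",
    "svc:PaSsWoRd1:19800:0:99999:7:::",
    "backup:!:19800:0:99999:7:::",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify_shadow_line(entry))
```

An `unrecognized` result for root means the field does not hold a crypt hash, so password logins for that account will fail until the task is rerun with a hashed value.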