LinuxQuestions.org
Old 05-20-2021, 12:38 AM   #1
pantdk
Member
 
Registered: Oct 2011
Location: New Delhi
Posts: 248
Blog Entries: 3

Rep: Reputation: 17
Question reset of sudo users password in remote servers and fetch the hostname using Ansible


Hi All,

Hope all are well. I am trying to reset the password of a user on all remote servers. I have a user "ax_vaptlin" which is created on all the servers. Now I am trying to reset the password on all the servers. Therefore, I have created an Ansible server which can connect to all the servers. But my commands are not working. Hence, I need your input for fixing the issue.

Quote:
OS = RHEL7

[ax_vaptlin@ip-172-31-44-212 ~]$ ls -lart .ansible
total 0
drwx------ 4 ax_vaptlin ax_vaptlin 27 May 7 12:41 .
drwx------ 5 ax_vaptlin ax_vaptlin 287 May 19 09:55 ..
drwx------ 2 ax_vaptlin ax_vaptlin 6 May 20 05:12 tmp
drwx------ 2 ax_vaptlin ax_vaptlin 6 May 20 05:13 cp
[ax_vaptlin@ip-172-31-44-212 ~]$ pwd
/home/ax_vaptlin
[ax_vaptlin@ip-172-31-44-212 ~]$


[ax_vaptlin@ip-172-31-44-212 ~]$ egrep -v "^#|^$" .ansible.cfg
[defaults]
host_key_checking = false
sudo_user = [ax_vaptlin]
ask_sudo_pass = False
ask_pass = False
inventory = /home/ax_vaptlin/server
[inventory]
[privilege_escalation]
become=True
become_method=sudo
become_user=ax_vaptlin
become_ask_pass=False
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
[ax_vaptlin@ip-172-31-44-212 ~]$



[ax_vaptlin@ip-172-31-44-212 ~]$ ansible --version
ansible 2.9.18
config file = /home/ax_vaptlin/.ansible.cfg
configured module search path = [u'/home/ax_vaptlin/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]



[ax_vaptlin@ip-172-31-44-212 ~]$ ping 10.10.220.52
PING 10.10.220.52 (10.10.220.52) 56(84) bytes of data.
64 bytes from 10.10.220.52: icmp_seq=1 ttl=255 time=0.655 ms
64 bytes from 10.10.220.52: icmp_seq=2 ttl=255 time=0.695 ms
^C
--- 10.10.220.52 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.655/0.675/0.695/0.020 ms
[ax_vaptlin@ip-172-31-44-212 ~]$ ping 10.10.220.19
PING 10.10.220.19 (10.10.220.19) 56(84) bytes of data.
64 bytes from 10.10.220.19: icmp_seq=1 ttl=64 time=0.644 ms
64 bytes from 10.10.220.19: icmp_seq=2 ttl=64 time=0.666 ms
64 bytes from 10.10.220.19: icmp_seq=3 ttl=64 time=0.675 ms
^C
--- 10.10.220.19 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.644/0.661/0.675/0.032 ms
[ax_vaptlin@ip-172-31-44-212 ~]$


[ax_vaptlin@ip-172-31-44-212 ~]$ sudo -l
[sudo] password for ax_vaptlin:
Matching Defaults entries for ax_vaptlin on ip-172-31-44-212:
!visiblepw, always_set_home, match_group_by_gid, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User ax_vaptlin may run the following commands on ip-172-31-44-212:
(ALL) ALL
[ax_vaptlin@ip-172-31-44-212 ~]$


[ax_vaptlin@ip-172-31-44-212 ~]$ ansible linux -m command -a uptime -u ax_vaptlin -k
SSH password:
172.31.14.1 | FAILED | rc=-1 >>
Missing sudo password
[ax_vaptlin@ip-172-31-44-212 ~]$ ansible linux -m setup -a 'filter=ansible_hostname' -b -k
SSH password:
172.31.14.1 | FAILED! => {
"msg": "Missing sudo password"
}
[ax_vaptlin@ip-172-31-44-212 ~]$


Quote:
[ax_vaptlin@ip-172-31-44-212 ~]$ cat change-password.yml
---
- hosts: all
  become: yes
  tasks:
    - name: Change user password
      user:
        name: ax_vaptlin
        update_password: always
        password: "{{ newpassword|password_hash('sha512') }}"
[ax_vaptlin@ip-172-31-44-212 ~]$

Quote:
[ax_vaptlin@ip-172-31-44-212 ~]$ ansible linux -m user -a "name=ax_vaptlin update_password=always password={{ newpassword|password_hash('sha512') }}" -b --extra-vars "newpassword=mypassword" -k
SSH password:
172.31.14.1 | FAILED! => {
"msg": "Missing sudo password"
}


Last edited by pantdk; 05-20-2021 at 02:19 AM.
 
Old 05-21-2021, 12:47 AM   #2
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 19,902

Rep: Reputation: 6740
If I understand correctly, the user which was used to run ansible has no sudo rights. Anyway, a centralized user/password manager would [probably] be better.
 
Old 05-24-2021, 04:54 AM   #3
pantdk
Member
 
Registered: Oct 2011
Location: New Delhi
Posts: 248

Original Poster
Blog Entries: 3

Rep: Reputation: 17
Hi Pan64,

Thanks for the reply. The user has the sudo rights.

Quote:
[ax_vaptlin@ip-172-31-44-212 ~]$ sudo -l
[sudo] password for ax_vaptlin:
Matching Defaults entries for ax_vaptlin on ip-172-31-44-212:
!visiblepw, always_set_home, match_group_by_gid, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User ax_vaptlin may run the following commands on ip-172-31-44-212:
(ALL) ALL
[ax_vaptlin@ip-172-31-44-212 ~]$

Now I am able to get the hostname of the server, but the password reset is still not working.



Quote:
[ax_vaptlin@ip-172-31-44-212 ~]$ ansible linux -m setup -a 'filter=ansible_hostname' -b -k
SSH password:
172.31.44.212 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "ip-172-31-44-212",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
10.10.220.52 | UNREACHABLE! => {
"changed": false,
"msg": "Invalid/incorrect password: Permission denied, please try again.",
"unreachable": true
}
10.10.220.19 | UNREACHABLE! => {
"changed": false,
"msg": "Invalid/incorrect password: Permission denied, please try again.",
"unreachable": true
}
172.31.37.201 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "ip-172-31-37-201",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
172.31.45.46 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "ip-172-31-45-46",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
 
Old 05-24-2021, 05:42 AM   #4
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 19,902

Rep: Reputation: 6740
Yes, two hosts are unreachable (because of "Invalid/incorrect password: Permission denied"), and two others are already made, so nothing changed.
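
An added example, not part of any post in this thread: Ansible reports "Missing sudo password" when become is enabled, sudo on the target asks for a password (as the `sudo -l` prompt in post #1 shows), and no become password was supplied; `-k` prompts only for the SSH password. The playbook below is one way to run the reset so that the sudo password is prompted for, the task runs as root instead of `become_user=ax_vaptlin`, and the new password is typed at a prompt rather than passed with `--extra-vars`, where it would land in shell history and the process list. The file name `reset-password.yml` is an assumption; the group `linux`, the user and the variable `newpassword` are taken from the thread.

```yaml
# reset-password.yml  (hypothetical file name; added example, not from the thread)
# Run as:  ansible-playbook reset-password.yml -u ax_vaptlin -k -K
#   -k / --ask-pass         prompts for the SSH login password
#   -K / --ask-become-pass  prompts for the sudo password; without it a
#                           password-protected sudo fails with
#                           "Missing sudo password"
- hosts: linux            # inventory group used in the thread's ad-hoc commands
  gather_facts: yes       # needed for ansible_hostname in the last task
  become: yes
  become_method: sudo
  become_user: root       # overrides become_user=ax_vaptlin from .ansible.cfg;
                          # changing a password hash requires root

  vars_prompt:
    - name: newpassword   # same variable name as in the thread's playbook
      prompt: "New password for ax_vaptlin"
      private: yes        # do not echo the password while typing
      confirm: yes        # ask twice to catch typos

  tasks:
    - name: Change user password
      user:
        name: ax_vaptlin
        update_password: always
        password: "{{ newpassword | password_hash('sha512') }}"
      no_log: true        # keep the password hash out of stdout and log files

    - name: Report the hostname of each server that was changed
      debug:
        msg: "password reset on {{ ansible_hostname }}"
```

Because the play changes the password of the account it logs in and runs sudo with, any later task that needs sudo on the same host has to authenticate with the new password. Hosts that return UNREACHABLE with "Invalid/incorrect password" fail at SSH login, before sudo is attempted, so `-K` does not help there.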
 
  

