.. _ug_task_passwords_passwordstore_ex1:

Example 1: Update or create passwords
"""""""""""""""""""""""""""""""""""""

Let's start with no passwords stored in :index:`passwordstore` for users at host *test_01*. The command shows no results

.. code-block:: YAML
   :emphasize-lines: 1

   shell> pass test_01

Create a playbook

.. code-block:: YAML
   :emphasize-lines: 1

   shell> cat lp.yml
   - hosts: test_01
     become: true
     roles:
       - vbotka.linux_postinstall

Create *host_vars/test_01/lp-users.yml* with two users *user1* and *user2*

.. code-block:: YAML
   :emphasize-lines: 1

   shell> cat host_vars/test_01/lp-users.yml
   lp_users:
     - {name: user1, shell: /bin/sh}
     - {name: user2, shell: /bin/bash}
     - {name: user3, shell: /bin/bash, disabled_password: true}

.. note::

   * If `disabled_password` is set *true (default: false)* the password won't be created, but login is still possible (for example with SSH RSA keys).

Create users. This step will create the users and configure their login shell. Other parameters of the Ansible module `user` will be omitted because the only required parameter is *name*. It's a good idea to create one account with the login shell */bin/sh* and use it as Ansible `remote_user`.

.. code-block:: YAML
   :emphasize-lines: 1

   shell> ansible-playbook lp.yml -t lp_users
   ...
   TASK [vbotka.linux_postinstall : users: Manage user accounts] *********
   changed: [test_01] => (item=user1)
   changed: [test_01] => (item=user2)

Create *host_vars/test_01/lp-passwords.yml*

.. code-block:: YAML
   :emphasize-lines: 1

   shell> cat host_vars/test_01/lp-passwords.yml
   lp_passwords: true
   lp_passwordstore: true
   lp_passwordstore_create: false
   lp_passwordstore_overwrite: false

Create passwords. This step will use *passwordstore* to create the passwords and configure them. New passwords will be created only if allowed by the configuration of *lp_passwordstore_create*. We set this variable to *True* in this command but keep it *False* in the configuration to keep the passwords once created. The value of *lp_passwordstore_overwrite* is *False*. New passwords will be assigned to the users if no passwords have been assigned to the users before. To change the passwords in the future set both variables *True* on the command-line.

.. code-block:: YAML
   :emphasize-lines: 1-2

   shell> ansible-playbook lp.yml -t lp_passwords -e lp_passwordstore_create=True
   ...
   TASK [vbotka.ansible_lib : al_pws_user_host: Retrieve, create or update ...]
   ok: [test_01] => (item=user1)
   ok: [test_01] => (item=user2)
   ...
   TASK [vbotka.linux_postinstall : users: Manage user accounts] **********
   changed: [test_01] => (item=user1)
   changed: [test_01] => (item=user2)

The command is `idempotent`

.. code-block:: Bash
   :emphasize-lines: 1

   shell> ansible-playbook lp.yml -t lp_passwords
   ...
   PLAY RECAP *************************************************************
   test_01: ok=18 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ...

Show the passwords stored in *passwordstore* at the controller

.. code-block:: Bash
   :emphasize-lines: 1,6,10

   shell> pass test_01
   test_01
   ├── user1
   └── user2

   shell> pass test_01/user1
   1rLy0eVpJiTpzj-4
   lookup_pass: First generated by ansible on 01/07/2020 16:59:00

   shell> pass test_01/user2
   u4FLTCkKOHAyJxkg
   lookup_pass: First generated by ansible on 01/07/2020 16:59:00

Show the *passwordstore* log at the controller

.. code-block:: Bash
   :emphasize-lines: 1,2

   shell> cd ~/.password-store
   shell> git log
   commit 61bb8bcd7c2a359f53c8b3d4bacb8854b4dd9f89 (HEAD -> master)
   Author: Vladimir Botka
   Date:   Wed Jul 1 16:59:00 2020 +0200

       Add given password for test_01/user2 to store.

   commit 97b23a5221e721fb892d739b2817923a6db8614b
   Author: Vladimir Botka
   Date:   Wed Jul 1 16:59:00 2020 +0200

       Add given password for test_01/user1 to store.

Show the created users at the remote host

.. code-block:: Bash
   :emphasize-lines: 1

   test_01> grep user /etc/passwd
   user1:x:1003:1003::/home/user1:/bin/sh
   user2:x:1004:1004::/home/user2:/bin/bash
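
The check below is an added example, not part of the role or of the original page. It compares the entries *passwordstore* holds for a host at the controller with the users expected to have a password, so that a missing secret or a leftover one (for example for a user with `disabled_password` set) is noticed. It assumes the standard ``pass`` layout ``<store>/<host>/<user>.gpg``; the helper name ``pws_audit`` is hypothetical.

```sh
#!/bin/sh
# Added example (not part of vbotka.linux_postinstall).
# Assumes the standard pass layout: <store>/<host>/<user>.gpg

# pws_audit STORE HOST USER...   (hypothetical helper name)
# Prints "missing: host/user" for each expected user without an entry and
# "stale: host/user" for each entry that no expected user accounts for,
# e.g. a leftover secret for a user with disabled_password: true.
# Exit status 0 when store and list agree, 1 otherwise.
# The body runs in a subshell, so its variables do not leak to the caller.
pws_audit() (
    store=$1
    host=$2
    shift 2
    rc=0
    if [ ! -d "$store/$host" ]; then
        echo "missing: $host (no directory in store)"
        exit 1
    fi
    for user in "$@"; do
        if [ ! -f "$store/$host/$user.gpg" ]; then
            echo "missing: $host/$user"
            rc=1
        fi
    done
    for entry in "$store/$host"/*.gpg; do
        [ -e "$entry" ] || continue          # glob matched nothing
        name=$(basename "$entry" .gpg)
        case " $* " in
            *" $name "*) ;;                  # expected user
            *) echo "stale: $host/$name"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Usage: sh pws_audit.sh test_01 user1 user2
# Reads only file names; no secret is decrypted.
if [ "$#" -ge 2 ]; then
    pws_audit "${PASSWORD_STORE_DIR:-$HOME/.password-store}" "$@"
fi
```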