If you're ok with Ansible generating the password for you then storing it on the machine you ran the playbook from, then the `password` plugin might help a bit.
Assuming you have an inventory of servers and you're OK with saving the latest password to "/tmp/root.password.hostname.txt", I believe something like this will do what you're looking for: - name: Force new root password user: name: root password: "{{ lookup('password', '/tmp/root.password.{{ inventory_hostname }}.txt length=60 chars=ascii_letters,digits,punctuation') | password_hash('sha512', 1000000 | random(seed=inventory_hostname) | string ) }}" update_password: always This will generate a random password of ASCII letters, digits and punctuation, the password will be 60 characters long, and the plain-text of it will be stored in /tmp/root.password.{hostname}.txt for each system. The "password_hash()" modifier on the "password:" line hashes the password so the "user:" module can use it. It also assumes that the system getting the new password can handle SHA512 passwords. It also uses the "inventory_hostname" to ensure that the hashed password is idempotent between runs. The "1000000|...|string" uses the name of the system being worked on as a random seed and picks a pseudo-random value to use for the password hash. NOTE: The first time this is run, the /tmp/root.password.{hostname}.txt file is created and used. The next time you run it, since that file exists it will re-use that raw password and not change it. To change the root password of that server, either delete the file and a new random password will be assigned, or create your own password and put it in this file. On Tuesday, September 17, 2019 at 11:36:25 AM UTC-5, Deepan M wrote: > > Hi, > > manually login to each servers and setting root password, login to > server1, set password "password123" ; then login to server2 set > password "redhat123" like this i'm looking for ansible playbook, where i > can automate for 100+servers. > > Idea looking forward:- > 1, Random password needs to be generated. > 2, on each server, root user password should be reset by picking up from > random password. > > Note:- For security reason, we are resetting root password on monthly > basis and those password should be generated randomly and reset. > > Thanks, > Deepan M > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ce3b0a8d-a359-4a07-949f-9a65633fa7d2%40googlegroups.com.