Category: Ansible

Automate password changes with Ansible

Everyone should be changing root passwords from time to time on their infrastructure. It’s something we all put off as long as possible for various reasons, whether that is the hatred of learning a new password or just sheer laziness. Needless to say, it is a necessity of being an admin of ANY system, home or otherwise.

One way to get more people on the bandwagon of security and password changes is to make them as seamless as possible. Once again, I turn to Ansible to touch all my boxes for me so I can continue listening to my hero Henry Rollins wax poetic with Pete Holmes on his podcast.

It is worth noting that I do all my admin work via Ansible on my MacBook Pro. As such, I will assume you already have Ansible running on Mac OS X as well as Python.

Within Ansible, we will leverage the ‘user’ module to quickly change the password for the root account on all our servers. The module expects the password as a hash rather than cleartext, so you have to install a password hashing library for Python to generate one.

To install the library:

Generate a hash for the new root password you want:

Simple Ansible playbook:

And that’s all there is to it. Execute this playbook against whatever servers you wish and you’re done. This is also a useful addition to your bootstrap playbooks for new provisioning!

Shellshock continued!

Since my last post, there have been FIVE new vulnerabilities released for bash. The floodgates have opened it seems… Obviously you want to push the bash updates to all your servers sooner rather than later and you have no reason not to as it’s a non-disruptive update.

A user in the sysadmin channel on FreeNode dropped this lovely bit of code to check your servers for all the current vulnerabilities. It’s 37 lines of code and it will spit out all the useful information on whether you are at risk or not.

Give it a go here: BashCheck