Ansibleでwindows serverの接続ユーザ自身のパスワードを変えるには？

以下のようなコードで接続ユーザ自身のパスワードを変更しようとしたのですが、エラーとなってしまいます。

- name: <win> modify user passwd
  win_user:
    name: "{{ username }}"
    password: "{{ passwd }}"
  register: result_change
  failed_when: false
  tags:
    - modify
    - never

接続するとパスワード自体は変更できているようなのですが、Ansibleだと接続が切れてしまうようです。

何かご存じの方いらっしゃいましたら、対処法についてヒントだけでもご教示頂けると助かります。

■エラーメッセージ

TASK [passwd_mgmt : <win> modify user passwd] ************************************************************************************************************
task path: /home/ansible/srv_ops_cd/roles/passwd_mgmt/tasks/win_passwd_mgmt.yml:23
Friday 22 May 2020  01:34:39 +0900 (0:00:00.058)       0:00:03.069 ************
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/windows/win_user.ps1
Pipelining is enabled.
<10.112.4.15> ESTABLISH WINRM CONNECTION FOR USER: opc on PORT 5986 TO 10.112.4.15
EXEC (via pipeline wrapper)
The full traceback is:
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/winrm/transport.py", line 329, in _send_message_request
    response.raise_for_status()
  File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 941, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error:  for url: https://10.112.4.15:5986/wsman

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/ansible/executor/task_executor.py", line 146, in run
    res = self._execute()
  File "/usr/local/lib/python3.6/site-packages/ansible/executor/task_executor.py", line 645, in _execute
    result = self._handler.run(task_vars=variables)
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/action/normal.py", line 46, in run
    result = merge_hash(result, self._execute_module(task_vars=task_vars, wrap_async=wrap_async))
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/action/__init__.py", line 923, in _execute_module
    res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/action/__init__.py", line 1071, in _low_level_execute_command
    rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/connection/winrm.py", line 548, in exec_command
    result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True, stdin_iterator=stdin_iterator)
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/connection/winrm.py", line 509, in _winrm_exec
    self.protocol.cleanup_command(self.shell_id, command_id)
  File "/usr/local/lib/python3.6/site-packages/winrm/protocol.py", line 390, in cleanup_command
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/local/lib/python3.6/site-packages/winrm/protocol.py", line 243, in send_message
    resp = self.transport.send_message(message)
  File "/usr/local/lib/python3.6/site-packages/winrm/transport.py", line 323, in send_message
    response = self._send_message_request(prepared_request, message)
  File "/usr/local/lib/python3.6/site-packages/winrm/transport.py", line 333, in _send_message_request
    raise InvalidCredentialsError("the specified credentials were rejected by the server")
winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server
fatal: [10.112.4.15]: FAILED! => {
    "msg": "Unexpected failure during module execution.",
    "stdout": ""
}
META: noop
META: noop

行動規範の内容に同意します

回答1件

net user コマンドで変更して対応しました。

- name: <win> modify user passwd
  win_command: net user "{{ username }}" "{{ passwd }}"
  register: result_change
  failed_when: false
  tags:
    - modify
    - never

- name: <win> <fail> result modify user passwd
  debug: msg="{{ result_change.stderr_lines }}"
  failed_when: true
  when: result_change.rc != 0
  tags:
    - modify
    - never

- name: <win> <success> result modify user passwd
  debug: msg="{{ username }}  password was changed or the same"
  when: result_change.rc == 0
  tags:
    - modify
    - never

投稿2020/05/22 00:51

編集2020/05/22 03:07

ntaniuch

総合スコア12

ntaniuch

2020/05/26 08:11

すいません。錯覚でした。やはりこれでも自身のパスワードを変更した際には以下のエラーが出力されます。 ``` TASK [passwd_mgmt : <win> modify user passwd] ******************************************************************************* Tuesday 26 May 2020 17:09:32 +0900 (0:00:00.119) 0:00:03.682 *********** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server fatal: [10.112.4.15]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""} ```

ntaniuch

2020/05/27 01:50

結局代替ユーザを作成し、途中で実行ユーザを変更することで対応しました。 ``` - set_fact: ansible_user: "{{ alternative_user }}" when: - username == 'opc' - ansible_user == 'opc' tags: - modify - never ```

行動規範の内容に同意します