From b8f3596abbee95417fe03e77f725d74f00e0eebd Mon Sep 17 00:00:00 2001
From: ogrechko <ogrechko@top-sysops.ru>
Date: Sun, 28 Dec 2025 15:41:01 +0000
Subject: [PATCH] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=B8=D1=82?=
 =?UTF-8?q?=D1=8C=20ansible/change=5Fpassword.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ansible/change_password.yml | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/ansible/change_password.yml b/ansible/change_password.yml
index 33e3ab8..eeda1a5 100644
--- a/ansible/change_password.yml
+++ b/ansible/change_password.yml
@@ -1,24 +1,18 @@
 ---
 - name: Utility - Change User Password
   hosts: masters,workers
-  become: true
   gather_facts: false
   vars:
-    # Эта переменная придет из Semaphore Survey
+    # Переменная requested_password придет из Survey в Semaphore
     target_user: "ubuntu"
   tasks:
-    - name: Ensure passlib is installed on target (needed for hashing)
-      apt:
-        name: python3-passlib
-        state: present
+    - name: Update password for {{ target_user }} using chpasswd
+      become: true
+      # Мы передаем пароль через стандартный поток ввода (stdin) прямо в системную утилиту
+      shell: "echo '{{ target_user }}:{{ requested_password }}' | chpasswd"
+      # Чтобы пароль не светился в логах Semaphore даже в режиме Debug
+      no_log: true 
 
-    - name: Update password for {{ target_user }}
-      ansible.builtin.user:
-        name: "{{ target_user }}"
-        # Мы берем сырой пароль из переменной и хешируем его прямо здесь
-        password: "{{ requested_password | password_hash('sha512') }}"
-        update_password: always
-
-    - name: Success message
+    - name: Confirm update
       debug:
-        msg: "Password for {{ target_user }} has been updated!"
\ No newline at end of file
+        msg: "Password for {{ target_user }} has been updated successfully."
\ No newline at end of file