Try SpotterManage user accounts and user attributes on a BIG-IP.
| "added in version" 2.4 of ansible.builtin"
Authors: Tim Rupp (@caphrim007), Wojciech Wypior (@wojtek0806)
preview | supported by community
pipInstall with pip install ansible==2.4.6.0.post1
Manage user accounts and user attributes on a BIG-IP.
- name: Add the user 'johnd' as an admin
bigip_user:
server: "lb.mydomain.com"
user: "admin"
password: "secret"
username_credential: "johnd"
password_credential: "password"
full_name: "John Doe"
partition_access: "all:admin"
update_password: "on_create"
state: "present"
delegate_to: localhost
- name: Change the user "johnd's" role and shell
bigip_user:
server: "lb.mydomain.com"
user: "admin"
password: "secret"
username_credential: "johnd"
partition_access: "NewPartition:manager"
shell: "tmsh"
state: "present"
delegate_to: localhost
- name: Make the user 'johnd' an admin and set to advanced shell
bigip_user:
server: "lb.mydomain.com"
user: "admin"
password: "secret"
name: "johnd"
partition_access: "all:admin"
shell: "bash"
state: "present"
delegate_to: localhost
- name: Remove the user 'johnd'
bigip_user:
server: "lb.mydomain.com"
user: "admin"
password: "secret"
name: "johnd"
state: "absent"
delegate_to: localhost
- name: Update password
bigip_user:
server: "lb.mydomain.com"
user: "admin"
password: "secret"
state: "present"
username_credential: "johnd"
password_credential: "newsupersecretpassword"
delegate_to: localhost
# Note that the second time this task runs, it would fail because
# The password has been changed. Therefore, it is recommended that
# you either,
#
# * Put this in its own playbook that you run when you need to
# * Put this task in a `block`
# * Include `ignore_errors` on this task
- name: Change the Admin password
bigip_user:
server: "lb.mydomain.com"
user: "admin"
password: "secret"
state: "present"
username_credential: "admin"
password_credential: "NewSecretPassword"
delegate_to: localhost
shell:
choices:
- bash
- none
- tmsh
description:
- Optionally set the users shell.
state:
choices:
- present
- absent
default: present
description:
- Whether the account should exist or not, taking action if the state is different
from what is stated.
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
ssh_keyfile:
description:
- Specifies the SSH keyfile to use to authenticate the connection to the remote
device. This argument is only used for I(cli) transports.
- You may omit this option by setting the environment variable C(ANSIBLE_NET_SSH_KEYFILE).
type: path
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- cli
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP with. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: '2.5'
version_added_collection: f5networks.f5_modules
full_name:
description:
- Full name of the user.
update_password:
choices:
- always
- on_create
default: on_create
description:
- C(always) will allow to update passwords if the user chooses to do so. C(on_create)
will only set the password for newly created users.
partition_access:
description:
- Specifies the administrative partition to which the user has access. C(partition_access)
is required when creating a new account. Should be in the form "partition:role".
Valid roles include C(acceleration-policy-editor), C(admin), C(application-editor),
C(auditor) C(certificate-manager), C(guest), C(irule-manager), C(manager), C(no-access)
C(operator), C(resource-admin), C(user-manager), C(web-application-security-administrator),
and C(web-application-security-editor). Partition portion of tuple should be an
existing partition or the value 'all'.
password_credential:
description:
- Set the users password to this unencrypted value. C(password_credential) is required
when creating a new account.
username_credential:
aliases:
- name
description:
- Name of the user to create, remove or modify.
required: true
full_name:
description: Full name of the user
returned: changed and success
sample: John Doe
type: string
partition_access:
description:
- List of strings containing the user's roles and which partitions they are applied
to. They are specified in the form "partition:role".
returned: changed and success
sample: '[''all:admin'']'
type: list
shell:
description: The shell assigned to the user account
returned: changed and success
sample: tmsh
type: string