Try Spotterimplements rest api for aaa configuration
| "added in version" 2.4.0 of arubanetworks.aos_switch"
Authors: Sanju Sadanandan (@hpe)
preview | supported by community
Install with ansible-galaxy collection install arubanetworks.aos_switch:==1.7.0
collections:
- name: arubanetworks.aos_switch
version: 1.7.0This implements rest apis which can be used to configure RADIUS Server
- name: Configure Radius server 10.0.0.1 with shared secret RADIUS!
arubaoss_radius_profile:
command: config_radius_server
server_ip: 10.0.0.1
shared_secret: "RADIUS!"
- name: Configure Global Radius Profile key
arubaoss_radius_profile:
command: config_radius_profile
key: "RADIUS!"
- name: Configure Radius Profile CPPM details for User Roles
arubaoss_radius_profile:
command: config_radius_profile
cppm_details: {'username':'superman','password': 'upupandaway'}
- name: Configure Radius Server -
arubaoss_radius_profile:
command: config_radius_server
server_ip: 10.0.0.1
shared_secret: "RADIUS!"
is_dyn_authorization_enabled: True
time_window: 0
- name: Configure Radius Server Group
arubaoss_radius_profile:
command: config_radius_serverGroup
server_ip: 10.0.0.1
server_group_name: SUPER
- name: Configure Radius server 10.1.1.1 with shared secret ARUBA!
arubaoss_radius_profile:
command: config_radius_server
server_ip: 10.1.1.1
shared_secret: "ARUBA!"
- name: Configure Radius server group
arubaoss_radius_profile:
command: config_radius_serverGroup
server_group_name: AVENGERS
server_ip: 10.1.1.1
key:
description: Used with config_radius_profile command, Configure the default authentication
key for all RADIUS. Input key as empty string to reset the value
required: false
type: str
host:
description: 'Specifies the DNS host name or address for connecting to the remote
device over the specified transport. The value of host is used as the destination
address for the transport.
'
type: str
port:
description: 'Specifies the port to use when building the connection to the remote
device.
'
type: int
config:
choices:
- create
- delete
default: create
description: To config or remove the required command
required: false
type: str
command:
choices:
- config_radius_profile
- config_radius_serverGroup
- config_radius_server
description: Function name calls according to configuration required - choice config_radius_profile
allows you to configure the switch's global radius server settings choice config_radius_server
allows you to configure a radius server IP host choice config_radius_serverGroup
allows you to configure a radius-server group with existing radius server hosts
required: true
type: str
timeout:
description: 'Specifies the timeout in seconds for communicating with the network
device for either connecting or sending commands. If the timeout is exceeded before
the operation is completed, the module will error.
'
type: int
use_ssl:
description: 'Configures use SSL (HTTPS) for access to the remote device.
'
type: bool
version:
choices:
- IAV_IP_V4
default: IAV_IP_V4
description: Version of the IP Address used (V6 is not supported via REST)
required: false
password:
description: 'Specifies the password to use to authenticate the connection to the
remote device. This value is used to authenticate the SSH session. If the value
is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD
will be used instead.
'
type: str
provider:
description: A dict object containing connection details.
suboptions:
api_version:
default: None
description: 'Configures (force) API version (vX.Y) for acces to the remote device.
'
type: str
host:
description: 'Specifies the DNS host name or address for connecting to the remote
device over the specified transport. The value of host is used as the destination
address for the transport.
'
type: str
password:
description: 'Specifies the password to use to authenticate the connection to
the remote device. This value is used to authenticate the SSH session. If the
value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD
will be used instead.
'
type: str
port:
description: 'Specifies the port to use when building the connection to the remote
device.
'
type: int
ssh_keyfile:
description: 'Specifies the SSH key to use to authenticate the connection to the
remote device. This value is the path to the key used to authenticate the SSH
session. If the value is not specified in the task, the value of environment
variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
'
type: path
timeout:
description: 'Specifies the timeout in seconds for communicating with the network
device for either connecting or sending commands. If the timeout is exceeded
before the operation is completed, the module will error.
'
type: int
transport:
default: aossapi
description: 'Configures the transport (aossapi or network_cli) mode.
'
type: str
use_proxy:
default: false
description: 'Configures use (Local) Proxy for access to the remote device.
'
type: bool
use_ssl:
description: 'Configures use SSL (HTTPS) for access to the remote device.
'
type: bool
username:
description: 'Configures the username to use to authenticate the connection to
the remote device. This value is used to authenticate the SSH session. If the
value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME
will be used instead.
'
type: str
validate_certs:
default: false
description: 'Configures validation of certification for access to the remote
device.
'
type: bool
type: dict
username:
description: 'Configures the username to use to authenticate the connection to the
remote device. This value is used to authenticate the SSH session. If the value
is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME
will be used instead.
'
type: str
dead_time:
default: 10
description: 'The RADIUS server dead_time. dead_time cannot set when is_tracking_enabled
is true. Input dead_time: null to reset the value. dead_time is indicated as null
instead of ''0'' in CLI'
required: false
type: int
server_ip:
description: Used with config_radius_server or config_radius_serverGroup - Radius
server hosts IP address. Minimum is 1 servers, and maximum is 3
required: false
type: str
api_version:
default: None
description: 'Configures (force) API version (vX.Y) for acces to the remote device.
'
type: str
ssh_keyfile:
description: 'Specifies the SSH key to use to authenticate the connection to the remote
device. This value is the path to the key used to authenticate the SSH session.
If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE
will be used instead.
'
type: path
cppm_details:
description: 'Username and password combination of CPPM which is used to login to
CPPM to download user roles, dictionary should be in the form: {''username'':''superman'',''password'':
''arubAn3tw0rks''}'
required: false
type: dict
dyn_autz_port:
default: 3799
description: Configure the UDP port for dynamic authorization messages.
required: false
type: int
shared_secret:
description: Used with config_radius_server command - The Radius server secret key
required: false
type: str
retry_interval:
default: 7
description: The RADIUS server retry interval
required: false
type: int
tracking_uname:
default: radius-tracking-user
description: The RADIUS service tracking username
required: false
type: str
validate_certs:
default: false
description: 'Configures validation of certification for access to the remote device.
'
type: bool
radius_server_id:
choices:
- 1 -- 15
default: 1
description: The unique ID of the RADIUS Profile.
required: false
time_window_type:
choices:
- TW_POSITIVE_TIME_WINDOW
- TW_PLUS_OR_MINUS_TIME_WINDOW
default: TW_POSITIVE_TIME_WINDOW
description: Time window type
required: false
server_group_name:
description: the AAA Server Group name
required: false
is_tracking_enabled:
description: The RADIUS server for if tracking is enabled. The flag is_tracking_enabled,
cannot set to true when dead_time is configured
required: false
retransmit_attempts:
default: 5
description: The RADIUS server retransmit attempts
required: false
type: int