Try SpotterManage TACACS server and its parameters
| "added in version" 1.1.0 of dellemc.enterprise_sonic"
Authors: Niraimadaiselvam M (@niraimadaiselvamm)
This plugin has a corresponding action plugin.
Install with ansible-galaxy collection install dellemc.enterprise_sonic:==2.4.0
collections:
- name: dellemc.enterprise_sonic
version: 2.4.0This module provides configuration management of tacacs server parameters on devices running Enterprise SONiC.
# Using deleted
#
# Before state:
# -------------
#
# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface : Ethernet12
#timeout : 10
#auth-type : login
#key : login
#------------------------------------------------------------------------------------------------
#HOST AUTH-TYPE KEY PORT PRIORITY TIMEOUT VRF
#------------------------------------------------------------------------------------------------
#1.2.3.4 pap ***** 50 2 10 mgmt
#localhost pap 49 1 5 default
#
- name: Merge tacacs configurations
dellemc.enterprise_sonic.sonic_tacacs_server:
config:
auth_type: login
key: login
source_interface: Ethernet 12
timeout: 10
servers:
host:
- name: 1.2.3.4
state: deleted
# After state:
# ------------
#
#do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#timeout : 5
#auth-type : pap
#------------------------------------------------------------------------------------------------
#HOST AUTH-TYPE KEY PORT PRIORITY TIMEOUT VRF
#------------------------------------------------------------------------------------------------
#localhost pap 49 1 5 default
# Using deleted
#
# Before state:
# -------------
#
# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface : Ethernet12
#timeout : 10
#auth-type : login
#key : login
#------------------------------------------------------------------------------------------------
#HOST AUTH-TYPE KEY PORT PRIORITY TIMEOUT VRF
#------------------------------------------------------------------------------------------------
#1.2.3.4 pap ***** 50 2 10 mgmt
#localhost pap 49 1 5 default
#
- name: Merge tacacs configurations
dellemc.enterprise_sonic.sonic_tacacs_server:
config:
state: deleted
# After state:
# ------------
#
#do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#timeout : 5
#auth-type : pap
# Using merged
#
# Before state:
# -------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#
- name: Merge tacacs configurations
dellemc.enterprise_sonic.sonic_tacacs_server:
config:
auth_type: pap
key: pap
source_interface: Ethernet 12
timeout: 10
servers:
host:
- name: 1.2.3.4
auth_type: pap
key: 1234
state: merged
# After state:
# ------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface : Ethernet12
#timeout : 10
#auth-type : pap
#key : pap
#------------------------------------------------------------------------------------------------
#HOST AUTH-TYPE KEY PORT PRIORITY TIMEOUT VRF
#------------------------------------------------------------------------------------------------
#1.2.3.4 pap 1234 49 1 5 default
#
# Using replaced
#
# Before state:
# -------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface : Ethernet12
#timeout : 10
#auth-type : pap
#key configured : Yes
#--------------------------------------------------------------------------------------
#HOST AUTH-TYPE KEY-CONFIG PORT PRIORITY TIMEOUT VRF
#--------------------------------------------------------------------------------------
#1.2.3.4 pap No 49 1 5 default
#
- name: Replace tacacs configurations
sonic_tacacs_server:
config:
auth_type: pap
key: pap
source_interface: Ethernet12
timeout: 10
servers:
- host:
name: 1.2.3.4
auth_type: mschap
key: 1234
state: replaced
#
# After state:
# ------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface : Ethernet12
#timeout : 10
#auth-type : pap
#key configured : Yes
#--------------------------------------------------------------------------------------
#HOST AUTH-TYPE KEY-CONFIG PORT PRIORITY TIMEOUT VRF
#--------------------------------------------------------------------------------------
#1.2.3.4 mschap Yes 49 1 5 default
#
# Using overridden
#
# Before state:
# -------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface : Ethernet12
#timeout : 10
#auth-type : pap
#key configured : Yes
#--------------------------------------------------------------------------------------
#HOST AUTH-TYPE KEY-CONFIG PORT PRIORITY TIMEOUT VRF
#--------------------------------------------------------------------------------------
#1.2.3.4 pap No 49 1 5 default
#11.12.13.14 chap Yes 49 10 5 default
#
- name: Override tacacs configurations
sonic_tacacs_server:
config:
auth_type: mschap
key: mschap
source_interface: Ethernet12
timeout: 20
servers:
- host:
name: 1.2.3.4
auth_type: mschap
key: mschap
- host:
name: 10.10.11.12
auth_type: chap
timeout: 30
priority: 2
state: overridden
state:
choices:
- merged
- replaced
- overridden
- deleted
default: merged
description:
- Specifies the operation to be performed on the tacacs server configured on the device.
- In case of merged, the input mode configuration will be merged with the existing
tacacs server configuration on the device.
- In case of deleted the existing tacacs server mode configuration will be removed
from the device.
- In case of replaced, the existing tacacs server configuration will be replaced with
provided configuration.
- In case of overridden, the existing tacacs server configuration will be overridden
with the provided configuration.
type: str
config:
description:
- Specifies the tacacs server related configuration.
suboptions:
auth_type:
choices:
- pap
- chap
- mschap
- login
default: pap
description:
- Specifies the authentication type of the tacacs server.
type: str
key:
description:
- Specifies the key of the tacacs server.
type: str
servers:
description:
- Specifies the servers list of the tacacs server.
suboptions:
host:
description:
- Specifies the host details of the tacacs servers list.
elements: dict
suboptions:
auth_type:
choices:
- pap
- chap
- mschap
- login
default: pap
description:
- Specifies the authentication type of the tacacs server host.
type: str
key:
description:
- Specifies the key of the tacacs server host.
type: str
name:
description:
- Specifies the name of the tacacs server host.
type: str
port:
default: 49
description:
- Specifies the port of the tacacs server host.
type: int
priority:
default: 1
description:
- Specifies the priority of the tacacs server host.
type: int
timeout:
default: 5
description:
- Specifies the timeout of the tacacs server host.
type: int
vrf:
default: default
description:
- Specifies the vrf of the tacacs server host.
type: str
type: list
type: dict
source_interface:
description:
- Specifies the source interface of the tacacs server.
type: str
timeout:
default: 5
description:
- Specifies the timeout of the tacacs server.
type: int
type: dict
after:
description: The resulting configuration model invocation.
returned: when changed
sample: "The configuration returned will always be in the same format\n of the parameters\
\ above.\n"
type: list
before:
description: The configuration prior to the model invocation.
returned: always
sample: "The configuration returned will always be in the same format\n of the parameters\
\ above.\n"
type: list
commands:
description: The set of commands pushed to the remote device.
returned: always
sample:
- command 1
- command 2
- command 3
type: list