bigip_user - Manage user accounts and user attributes on a BIG-IP.
New in version 2.4.
Synopsis
- Manage user accounts and user attributes on a BIG-IP.
Requirements (on host that executes module)
- f5-sdk
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
full_name | no | Full name of the user. | ||
partition_access | no | Specifies the administrative partition to which the user has access. partition_access is required when creating a new account. Should be in the form "partition:role". Valid roles include acceleration-policy-editor , admin , application-editor , auditor certificate-manager , guest , irule-manager , manager , no-access operator , resource-admin , user-manager , web-application-security-administrator , and web-application-security-editor . Partition portion of tuple should be an existing partition or the value 'all'. | ||
password | yes | The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set. | ||
password_credential | no | Set the users password to this unencrypted value. password_credential is required when creating a new account. | ||
server | yes | The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set. | ||
server_port (added in 2.2)
| no | 443 | The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set. | |
shell | no |
| Optionally set the users shell. | |
state | no | present |
| Whether the account should exist or not, taking action if the state is different from what is stated. |
update_password | no | on_create |
| always will allow to update passwords if the user chooses to do so. on_create will only set the password for newly created users. |
user | yes | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set. | ||
username_credential | yes | Name of the user to create, remove or modify. aliases: name | ||
validate_certs (added in 2.0)
| no | True |
| If no , SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set. |
Examples
- name: Add the user 'johnd' as an admin bigip_user: server: "lb.mydomain.com" user: "admin" password: "secret" username_credential: "johnd" password_credential: "password" full_name: "John Doe" partition_access: "all:admin" update_password: "on_create" state: "present" delegate_to: localhost - name: Change the user "johnd's" role and shell bigip_user: server: "lb.mydomain.com" user: "admin" password: "secret" username_credential: "johnd" partition_access: "NewPartition:manager" shell: "tmsh" state: "present" delegate_to: localhost - name: Make the user 'johnd' an admin and set to advanced shell bigip_user: server: "lb.mydomain.com" user: "admin" password: "secret" name: "johnd" partition_access: "all:admin" shell: "bash" state: "present" delegate_to: localhost - name: Remove the user 'johnd' bigip_user: server: "lb.mydomain.com" user: "admin" password: "secret" name: "johnd" state: "absent" delegate_to: localhost - name: Update password bigip_user: server: "lb.mydomain.com" user: "admin" password: "secret" state: "present" username_credential: "johnd" password_credential: "newsupersecretpassword" delegate_to: localhost # Note that the second time this task runs, it would fail because # The password has been changed. Therefore, it is recommended that # you either, # # * Put this in its own playbook that you run when you need to # * Put this task in a `block` # * Include `ignore_errors` on this task - name: Change the Admin password bigip_user: server: "lb.mydomain.com" user: "admin" password: "secret" state: "present" username_credential: "admin" password_credential: "NewSecretPassword" delegate_to: localhost
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
full_name | Full name of the user | changed and success | string | John Doe |
partition_access | List of strings containing the user's roles and which partitions they are applied to. They are specified in the form "partition:role". | changed and success | list | ['all:admin'] |
shell | The shell assigned to the user account | changed and success | string | tmsh |
Notes
Note
- Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
- Requires BIG-IP versions >= 12.0.0
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/bigip_user_module.html