bigip_user - Manage user accounts and user attributes on a BIG-IP.

New in version 2.4.

Synopsis

  • Manage user accounts and user attributes on a BIG-IP.

Requirements (on host that executes module)

  • f5-sdk

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| full_name | no | | | Full name of the user. |
| partition_access | no | | | Specifies the administrative partition to which the user has access. partition_access is required when creating a new account. Should be in the form "partition:role". Valid roles include acceleration-policy-editor, admin, application-editor, auditor, certificate-manager, guest, irule-manager, manager, no-access, operator, resource-admin, user-manager, web-application-security-administrator, and web-application-security-editor. The partition portion of the tuple should be an existing partition or the value 'all'. |
| password | yes | | | The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set. |
| password_credential | no | | | Set the user's password to this unencrypted value. password_credential is required when creating a new account. |
| server | yes | | | The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set. |
| server_port (added in 2.2) | no | 443 | | The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set. |
| shell | no | | bash, none, tmsh | Optionally set the user's shell. |
| state | no | present | present, absent | Whether the account should exist or not, taking action if the state is different from what is stated. |
| update_password | no | on_create | always, on_create | always will update passwords if the user chooses to do so. on_create will only set the password for newly created users. |
| user | yes | | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set. |
| username_credential | yes | | | Name of the user to create, remove or modify. aliases: name |
| validate_certs (added in 2.0) | no | True | True, False | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set. |

Examples

- name: Add the user 'johnd' as an admin
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      username_credential: "johnd"
      password_credential: "password"
      full_name: "John Doe"
      partition_access: "all:admin"
      update_password: "on_create"
      state: "present"
  delegate_to: localhost

- name: Change the user "johnd's" role and shell
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      username_credential: "johnd"
      partition_access: "NewPartition:manager"
      shell: "tmsh"
      state: "present"
  delegate_to: localhost

- name: Make the user 'johnd' an admin and set to advanced shell
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      name: "johnd"
      partition_access: "all:admin"
      shell: "bash"
      state: "present"
  delegate_to: localhost

- name: Remove the user 'johnd'
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      name: "johnd"
      state: "absent"
  delegate_to: localhost

- name: Update password
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      username_credential: "johnd"
      password_credential: "newsupersecretpassword"
  delegate_to: localhost

# Note that the second time this task runs, it would fail because
# the password has been changed. Therefore, it is recommended that
# you do one of the following:
#
#   * Put this in its own playbook that you run when you need to
#   * Put this task in a `block`
#   * Include `ignore_errors` on this task
- name: Change the Admin password
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      username_credential: "admin"
      password_credential: "NewSecretPassword"
  delegate_to: localhost
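
The admin password change above fails on a second run because the old password no longer authenticates. The following is an added example, not part of the original module documentation: it puts that task in a `block` whose `rescue` verifies the new password instead of relying on `ignore_errors`, and it reads secrets from vault-encrypted variables with `no_log` set. The variable names `bigip_server`, `vault_bigip_admin_password_current` and `vault_bigip_admin_password_new` are assumptions.

```yaml
# Added example. Assumed (hypothetical) variables, defined in a
# vault-encrypted vars file: bigip_server,
# vault_bigip_admin_password_current, vault_bigip_admin_password_new.
- name: Rotate the BIG-IP admin password
  delegate_to: localhost
  no_log: true            # keep both passwords out of task output and logs
  block:
    - name: Change the admin password, authenticating with the current one
      bigip_user:
        server: "{{ bigip_server }}"
        user: "admin"
        password: "{{ vault_bigip_admin_password_current }}"
        username_credential: "admin"
        password_credential: "{{ vault_bigip_admin_password_new }}"
        # on_create (the default) only sets passwords for new accounts
        update_password: "always"
        validate_certs: true
        state: "present"
  rescue:
    # Reached when the task above fails, for example on a re-run after
    # the password was already rotated. Authenticating with the new
    # password proves the rotation happened; any other failure (network,
    # wrong vault value) fails here too, so real errors are not masked
    # the way ignore_errors would mask them.
    - name: Confirm the new admin password is already in effect
      bigip_user:
        server: "{{ bigip_server }}"
        user: "admin"
        password: "{{ vault_bigip_admin_password_new }}"
        username_credential: "admin"
        validate_certs: true
        state: "present"
```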

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| full_name | Full name of the user | changed and success | string | John Doe |
| partition_access | List of strings containing the user's roles and which partitions they are applied to. They are specified in the form "partition:role". | changed and success | list | ['all:admin'] |
| shell | The shell assigned to the user account | changed and success | string | tmsh |

Notes

  • Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
  • Requires BIG-IP versions >= 12.0.0

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/bigip_user_module.html