cs_account – Manages accounts on Apache CloudStack based clouds

New in version 2.0.

Synopsis

  • Create, disable, lock, enable and remove accounts.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • cs >= 0.6.10

Parameters

Parameter Choices/Defaults Comments
account_type
string
    Choices:
  • user
  • root_admin
  • domain_admin
Type of the account.
api_http_method
string
    Choices:
  • get
  • post
HTTP method used to query the API endpoint.
If not given, the CLOUDSTACK_METHOD env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is get if not specified.
api_key
string
API key of the CloudStack API.
If not given, the CLOUDSTACK_KEY env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
api_region
string
Default:
"cloudstack"
Name of the ini section in the cloustack.ini file.
If not given, the CLOUDSTACK_REGION env variable is considered.
api_secret
string
Secret key of the CloudStack API.
If not set, the CLOUDSTACK_SECRET env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
api_timeout
integer
HTTP timeout in seconds.
If not given, the CLOUDSTACK_TIMEOUT env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is 10 seconds if not specified.
api_url
string
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the CLOUDSTACK_ENDPOINT env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
domain
string
Default:
"ROOT"
Domain the account is related to.
email
string
Email of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
first_name
string
First name of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
last_name
string
Last name of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
ldap_domain
string
added in 2.8
Name of the LDAP group or OU to bind.
If set, account will be linked to LDAP.
ldap_type
string
added in 2.8
    Choices:
  • GROUP
  • OU
Type of the ldap name. GROUP or OU, defaults to GROUP.
name
string / required
Name of account.
network_domain
string
Network domain of the account.
password
string
Password of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
poll_async
boolean
    Choices:
  • no
  • yes
Poll async jobs until job has finished.
role
string
added in 2.8
Creates the account under the specified role name or id.
state
string
    Choices:
  • present
  • absent
  • enabled
  • disabled
  • locked
  • unlocked
State of the account.
unlocked is an alias for enabled.
timezone
string
Timezone of the user to be created if account did not exist.
username
string
Username of the user to be created if account did not exist.
Required on state=present.

Notes

Note

  • Ansible uses the cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. A CLOUDSTACK_CONFIG environment variable pointing to an .ini file. A cloudstack.ini file in the current working directory. A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.
  • A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.
  • This module supports check mode.

Examples

- name: create an account in domain 'CUSTOMERS'
  cs_account:
    name: customer_xy
    username: customer_xy
    password: S3Cur3
    last_name: Doe
    first_name: John
    email: [email protected]
    domain: CUSTOMERS
    role: Domain Admin
  delegate_to: localhost

- name: Lock an existing account in domain 'CUSTOMERS'
  cs_account:
    name: customer_xy
    domain: CUSTOMERS
    state: locked
  delegate_to: localhost

- name: Disable an existing account in domain 'CUSTOMERS'
  cs_account:
    name: customer_xy
    domain: CUSTOMERS
    state: disabled
  delegate_to: localhost

- name: Enable an existing account in domain 'CUSTOMERS'
  cs_account:
    name: customer_xy
    domain: CUSTOMERS
    state: enabled
  delegate_to: localhost

- name: Remove an account in domain 'CUSTOMERS'
  cs_account:
    name: customer_xy
    domain: CUSTOMERS
    state: absent
  delegate_to: localhost

- name: Create a single user LDAP account in domain 'CUSTOMERS'
  cs_account:
    name: customer_xy
    username: customer_xy
    domain: CUSTOMERS
    ldap_domain: cn=customer_xy,cn=team_xy,ou=People,dc=domain,dc=local
  delegate_to: localhost

- name: Create a LDAP account in domain 'CUSTOMERS' and bind it to a LDAP group
  cs_account:
    name: team_xy
    username: customer_xy
    domain: CUSTOMERS
    ldap_domain: cn=team_xy,ou=People,dc=domain,dc=local
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
account_type
string
 success
Type of the account.

Sample:
user
domain
string
 success
Domain the account is related.

Sample:
ROOT
id
string
 success
UUID of the account.

Sample:
87b1e0ce-4e01-11e4-bb66-0050569e64b8
name
string
 success
Name of the account.

Sample:
network_domain
string
 success
Network domain of the account.

Sample:
example.local
role
string
 success
The role name of the account

Sample:
Domain Admin
state
string
 success
State of the account.

Sample:
enabled


Status

  • This module is guaranteed to have no backward incompatible interface changes going forward. [stableinterface]
  • This module is maintained by the Ansible Community. [community]

Authors

  • René Moser (@resmo)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/cs_account_module.html