nxos_user – Manage the collection of local users on Nexus devices¶
Synopsis¶
- This module provides declarative management of the local usernames configured on Cisco Nexus devices. It allows playbooks to manage either individual usernames or the collection of usernames in the current running config. It also supports purging usernames from the configuration that are not explicitly defined.
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| aggregate 
                    -
                                                                 added in 2.4 | The set of username objects to be configured on the remote Cisco Nexus device.  The list entries can either be the username or a hash of username and properties.  This argument is mutually exclusive with the  nameargument.aliases: users, collection | ||
| configured_password 
                    -
                                                                 added in 2.4 | The password to be configured on the network device. The password needs to be provided in cleartext and it will be encrypted on the device. Please note that this option is not same as  provider password. | ||
| name 
                    -
                                                                 | The username to be configured on the remote Cisco Nexus device.  This argument accepts a string value and is mutually exclusive with the  aggregateargument. | ||
| provider 
                    dictionary
                                                                 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cli.This option is only required if you are using NX-API. For more information please see the NXOS Platform Options guide. A dict object containing connection details. | ||
| auth_pass 
                    string
                                                                 added in 2.5.3 | Specifies the password to use if required to enter privileged mode on the remote device.  If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTH_PASSwill be used instead. | ||
| authorize 
                    boolean
                                                                 added in 2.5.3 | 
 | Instructs the module to enter privileged mode on the remote device before sending any commands.  If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTHORIZEwill be used instead. | |
| host 
                    string
                                             / required                     | Specifies the DNS host name or address for connecting to the remote device over the specified transport.  The value of host is used as the destination address for the transport. | ||
| password 
                    string
                                                                 | Specifies the password to use to authenticate the connection to the remote device.  This is a common argument used for either cli or nxapi transports. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_PASSWORDwill be used instead. | ||
| port 
                    integer
                                                                 | Default: "0 (use common port)" | Specifies the port to use when building the connection to the remote device.  This value applies to either cli or nxapi.  The port value will default to the appropriate transport common port if none is provided in the task.  (cli=22, http=80, https=443). | |
| ssh_keyfile 
                    string
                                                                 | Specifies the SSH key to use to authenticate the connection to the remote device.  This argument is only used for the cli transport. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_SSH_KEYFILEwill be used instead. | ||
| timeout 
                    integer
                                                                 | Default: 10 | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. NX-API can be slow to return on long-running commands (sh mac, sh bgp, etc). | |
| transport 
                    string
                                             / required                     | 
 | Configures the transport connection to use when connecting to the remote device.  The transport argument supports connectivity to the device over cli (ssh) or nxapi. | |
| use_proxy 
                    boolean
                                                                 added in 2.5 | 
 | If  no, the environment variableshttp_proxyandhttps_proxywill be ignored. | |
| use_ssl 
                    boolean
                                                                 | 
 | Configures the transport to use SSL if set to  yesonly when thetransport=nxapi, otherwise this value is ignored. | |
| username 
                    string
                                                                 | Configures the username to use to authenticate the connection to the remote device.  This value is used to authenticate either the CLI login or the nxapi authentication depending on which transport is used. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_USERNAMEwill be used instead. | ||
| validate_certs 
                    boolean
                                                                 | 
 | If  no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.  If the transport argument is not nxapi, this value is ignored. | |
| purge 
                    boolean
                                                                 | 
 | The  purgeargument instructs the module to consider the resource definition absolute.  It will remove any previously configured usernames on the device with the exception of the `admin` user which cannot be deleted per nxos constraints. | |
| role 
                    -
                                                                 | The  roleargument configures the role for the username in the device running configuration.  The argument accepts a string value defining the role name.  This argument does not check if the role has been configured on the device.aliases: roles | ||
| sshkey 
                    -
                                                                 | The  sshkeyargument defines the SSH public key to configure for the username.  This argument accepts a valid SSH key value. | ||
| state 
                    -
                                                                 | 
 | The  stateargument configures the state of the username definition as it relates to the device operational configuration.  When set to present, the username(s) should be configured in the device active configuration and when set to absent the username(s) should not be in the device active configuration | |
| update_password 
                    -
                                                                 | 
 | Since passwords are encrypted in the device running config, this argument will instruct the module when to change the password.  When set to  always, the password will always be updated in the device and when set toon_createthe password will be updated only if the username is created. | |
Notes¶
Note
- For information on using CLI and NX-API see the NXOS Platform Options guide
- For more information on using Ansible to manage network devices see the Ansible Network Guide
- For more information on using Ansible to manage Cisco devices see the Cisco integration page.
Examples¶
- name: create a new user
  nxos_user:
    name: ansible
    sshkey: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present
- name: remove all users except admin
  nxos_user:
    purge: yes
- name: set multiple users role
  aggregate:
    - name: netop
    - name: netend
  role: network-operator
  state: present
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Network Team. [network]
Red Hat Support¶
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors¶
- Peter Sprygada (@privateip)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
