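cisco.ios.ios_user module – Module to manage the aggregates of local users.
Note
This module is part of the cisco.ios collection (version 9.0.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install cisco.ios`.
To use it in a playbook, specify: `cisco.ios.ios_user`.
New in cisco.ios 1.0.0
Synopsis
This module provides declarative management of the local usernames configured on network devices. It allows playbooks to manage either individual usernames or the aggregate of usernames in the current running configuration. It also supports purging usernames from the configuration that are not explicitly defined.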
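Parameters
Parameter | Comments |
---|---|
The set of username objects to be configured on the remote Cisco IOS device. The list entries can either be the username or a hash of username and properties. This parameter, with |
|
The password to be configured on the Cisco IOS device. The password needs to be provided in clear text, and it will be encrypted on the device. Note that this option, with |
|
This option allows configuring a hashed password on the Cisco IOS device. |
|
Specifies the type of hash (e.g., 5 for MD5, 8 for PBKDF2, etc.). For this to work, the device needs to support the desired hash type. |
|
The actual hashed password to be configured on the device. |
|
The username to be configured on the Cisco IOS device. This parameter accepts a string value and, with |
|
Defines the username without assigning a password. This will allow the user to log in to the system without being authenticated by a password. Choices
|
|
This parameter determines whether a "password" or a "secret" will be configured. Choices
|
|
|
|
Specifies one or more SSH public keys to configure for the given username. This parameter accepts a valid SSH key value. |
|
Configures the state of the username definition as it relates to the device operational configuration. When set to *present*, the username should be configured in the device active configuration; when set to *absent*, the username should not be in the device active configuration. Choices
|
|
Since passwords are encrypted in the device running configuration, this parameter instructs the module when to change the password. When set to Choices
|
|
Configures the view for the username in the device running configuration. The parameter accepts a string value defining the view name. This parameter does not check whether the view has been configured on the device. |
|
The password to be configured on the Cisco IOS device. The password needs to be provided in clear text, and it will be encrypted on the device. Note that this option, with |
|
This option allows configuring a hashed password on the Cisco IOS device. |
|
Specifies the type of hash (e.g., 5 for MD5, 8 for PBKDF2, etc.). For this to work, the device needs to support the desired hash type. |
|
The actual hashed password to be configured on the device. |
|
The username to be configured on the Cisco IOS device. This parameter accepts a string value and, with |
|
Defines the username without assigning a password. This will allow the user to log in to the system without being authenticated by a password. Choices
|
|
This parameter determines whether a "password" or a "secret" will be configured. Choices
|
|
|
|
Instructs the module to consider the resource definition absolute. It will remove any previously configured usernames on the device with the exception of the `admin` user (the current defined set of users). Choices
|
|
Specifies one or more SSH public keys to configure for the given username. This parameter accepts a valid SSH key value. |
|
Configures the state of the username definition as it relates to the device operational configuration. When set to *present*, the username should be configured in the device active configuration; when set to *absent*, the username should not be in the device active configuration. Choices
|
|
Since passwords are encrypted in the device running configuration, this parameter instructs the module when to change the password. When set to Choices
|
|
Configures the view for the username in the device running configuration. The parameter accepts a string value defining the view name. This parameter does not check whether the view has been configured on the device. |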
Notes
Note
Tested against Cisco IOS XE version 17.3 on CML.
This module works with connection network_cli. See https://docs.ansible.org.cn/ansible/latest/network/user_guide/platform_ios.html
For more information on using Ansible to manage network devices, see the :ref:`Ansible Network Guide <network_guide>`
For more information on using Ansible to manage Cisco devices, see the `Cisco integration page <https://ansible.org.cn/integrations/networks/cisco>`_.
Examples
# Using state: present
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username testuser privilege 15 password 0 password
# Present state create a new user play:
# -------------------------------------
- name: Create a new user
  cisco.ios.ios_user:
    name: ansible
    nopassword: true
    sshkey: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present
# Task Output
# -----------
# commands:
# - ip ssh pubkey-chain
# - username ansible
# - key-hash ssh-rsa 2ABB27BBC33ED53EF7D55037952ABB27 test@fedora
# - exit
# - exit
# - username ansible nopassword
# After state:
# ------------
# router-ios#show running-config | section username
# username testuser privilege 15 password 0 password
# username ansible nopassword
# username ansible
# key-hash ssh-rsa 2ABB27BBC33ED53EF7D55037952ABB27 test@fedora
# Using state: present
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username testuser privilege 15 password 0 password
# Present state create a new user with multiple keys play:
# --------------------------------------------------------
- name: Create a new user with multiple keys
  cisco.ios.ios_user:
    name: ansible
    sshkey:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
      - "{{ lookup('file', '~/path/to/public_key') }}"
    state: present
# Task Output
# -----------
# commands:
# - ip ssh pubkey-chain
# - username ansible
# - key-hash ssh-rsa 2ABB27BBC33ED53EF7D55037952ABB27 test@fedora
# - key-hash ssh-rsa 1985673DCF7FA9A0F374BB97DC2ABB27 test@fedora
# - exit
# - exit
# After state:
# ------------
# router-ios#show running-config | section username
# username testuser privilege 15 password 0 password
# username ansible
# key-hash ssh-rsa 2ABB27BBC33ED53EF7D55037952ABB27 test@fedora
# key-hash ssh-rsa 1985673DCF7FA9A0F374BB97DC2ABB27 test@fedora
# Using Purge: true
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username admin privilege 15 password 0 password
# username testuser privilege 15 password 0 password
# username ansible nopassword
# username ansible
# key-hash ssh-rsa 2ABB27BBC33ED53EF7D55037952ABB27 test@fedora
# Purge all users except admin play:
# ----------------------------------
- name: Remove all users except admin
  cisco.ios.ios_user:
    purge: true
# Task Output
# -----------
# commands:
# - no username testuser
# - no username ansible
# - ip ssh pubkey-chain
# - no username ansible
# - exit
# After state:
# ------------
# router-ios#show running-config | section username
# username admin privilege 15 password 0 password
# Using Purge: true
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username admin privilege 15 password 0 password
# username testuser privilege 15 password 0 password1
# username testuser1 privilege 15 password 0 password2
# username ansible nopassword
# Purge all users except admin and these listed users play:
# ---------------------------------------------------------
- name: Remove all users except admin and these listed users
  cisco.ios.ios_user:
    aggregate:
      - name: testuser
      - name: testuser1
    purge: true
# Task Output
# -----------
# commands:
# - no username ansible
# After state:
# ------------
# router-ios#show running-config | section username
# username admin privilege 15 password 0 password
# username testuser privilege 15 password 0 password1
# username testuser1 privilege 15 password 0 password2
# Using state: present
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username admin privilege 15 password 0 password
# username netop password 0 password1
# username netend password 0 password2
# Present state set multiple users to privilege level 15 play:
# ------------------------------------------------------------
- name: Set multiple users to privilege level 15
  cisco.ios.ios_user:
    aggregate:
      - name: netop
      - name: netend
    privilege: 15
    state: present
# Task Output
# -----------
# commands:
# - username netop privilege 15
# - username netend privilege 15
# After state:
# ------------
# router-ios#show running-config | section username
# username admin privilege 15 password 0 password
# username netop privilege 15 password 0 password1
# username netend privilege 15 password 0 password2
# Using state: present
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username admin privilege 15 password 0 password
# username netop privilege 15 password 0 oldpassword
# Present state Change Password for User netop play:
# --------------------------------------------
- name: Change Password for User netop
  cisco.ios.ios_user:
    name: netop
    configured_password: "newpassword"
    password_type: password
    update_password: always
    state: present
# Task Output
# -----------
# commands:
# - username netop password newpassword
# After state:
# ------------
# router-ios#show running-config | section username
# username admin privilege 15 password 0 password
# username netop privilege 15 password 0 newpassword
# Using state: present
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username admin privilege 15 password 0 password
# username netop privilege 15 password 0 password
# username netend privilege 15 password 0 password
# Present state set user view/role for users play:
# --------------------------------------------
- name: Set user view/role for users
  cisco.ios.ios_user:
    aggregate:
      - name: netop
      - name: netend
    view: network-admin
    state: present
# Task Output
# -----------
# commands:
# - username netop view network-admin
# - username netend view network-admin
# After state:
# ------------
# router-ios#show running-config | section username
# username admin privilege 15 password 0 password
# username netop privilege 15 view network-admin password 0 password
# username netend privilege 15 view network-admin password 0 password
# Using state: present
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username admin privilege 15 password 0 password
# Present state create a new user with hashed password play:
# --------------------------------------------------------------
- name: Create a new user with hashed password
  cisco.ios.ios_user:
    name: ansibletest5
    hashed_password:
      type: 9
      value: "thiswillbereplacedwithhashedpassword"
    state: present
# Task Output
# -----------
# commands:
# - username ansibletest5 secret 9 thiswillbereplacedwithhashedpassword
# After state:
# ------------
# router-ios#show running-config | section username
# username admin privilege 15 password 0 password
# username ansibletest5 secret 9 thiswillbereplacedwithhashedpassword
# Using state: absent
# Before state:
# -------------
# router-ios#show running-config | section ^username
# username admin privilege 15 password 0 password
# username ansibletest1 password 0 password
# username ansibletest2 secret 9 thiswillbereplacedwithhashedpassword
# username ansibletest3 password 5 thistoowillbereplacedwithhashedpassword
# Absent state remove multiple users play:
# ----------------------------------------
- name: Delete users with aggregate
  cisco.ios.ios_user:
    aggregate:
      - name: ansibletest1
      - name: ansibletest2
      - name: ansibletest3
    state: absent
# Task Output
# -----------
# commands:
# - no username ansibletest1
# - no username ansibletest2
# - no username ansibletest3
# After state:
# ------------
# router-ios#show running-config | section username
# username admin privilege 15 password 0 password
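The "After state" listings above show how each credential ends up stored in the running configuration (`password 0` in clear text, `nopassword`, `secret 9`). The following Python audit of such a listing is an added example, not part of the module or its documentation; the function name `audit_usernames`, the finding labels and the sample input are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed input in the shape of the "After state" listings on this page
# (show running-config | section username); all values are placeholders.
SAMPLE = """\
username admin privilege 15 password 0 password
username netop privilege 15 view network-admin password 7 CONSTRUCTEDTYPE7
username ansible nopassword
username ansible
 key-hash ssh-rsa 2ABB27BBC33ED53EF7D55037952ABB27 test@fedora
username svc nopassword
username ansibletest5 secret 9 thiswillbereplacedwithhashedpassword
username ansibletest3 secret 5 thistoowillbereplacedwithhashedpassword
username odd password 0 nopassword
"""

USER_RE = re.compile(r"^username (\S+)(.*)$")
CRED_RE = re.compile(r"\b(?:password|secret) (\d+) \S+")
# Storage types flagged here: 0 is clear text, 7 is a reversible encoding,
# 5 is salted MD5. Types 8 and 9 are not flagged.
WEAK = {"0": "cleartext-type0", "7": "reversible-type7", "5": "md5-type5"}


def audit_usernames(config):
    """Return {username: [finding, ...]} for accounts that need review."""
    users = defaultdict(lambda: {"type": None, "nopassword": False, "keys": 0})
    current = None
    for line in config.splitlines():
        m = USER_RE.match(line)
        if m:
            current = users[m.group(1)]
            cred = CRED_RE.search(m.group(2))
            if cred:  # checked first so a password *value* of "nopassword" is not misread
                current["type"] = cred.group(1)
            elif re.search(r"\bnopassword\b", m.group(2)):
                current["nopassword"] = True
        elif current is not None and line.strip().startswith("key-hash "):
            current["keys"] += 1  # SSH key fingerprint bound to the last username seen
    findings = {}
    for name, u in users.items():
        issues = [WEAK[u["type"]]] if u["type"] in WEAK else []
        if u["nopassword"]:
            issues.append("nopassword-with-sshkey" if u["keys"] else "nopassword-no-sshkey")
        if issues:
            findings[name] = issues
    return findings

print(audit_usernames(SAMPLE))
```

Strip the leading `# ` from a listing copied from the examples before passing it in; lines that are neither `username` nor `key-hash` entries are ignored.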
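Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
The list of configuration mode commands to send to the device. Returned: always. Sample: |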