junipernetworks.junos.junos_user module – Manage local user accounts on Juniper JUNOS devices

Note

This module is part of the junipernetworks.junos collection (version 9.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install junipernetworks.junos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: junipernetworks.junos.junos_user.

New in junipernetworks.junos 1.0.0

Synopsis 

This module manages locally configured user accounts on remote network devices running the JUNOS operating system. It provides a set of arguments for creating, removing and updating locally defined accounts

Requirements 

The below requirements are needed on the host that executes this module.

ncclient (>=v0.5.2)

Parameters 

Parameter	Comments
active boolean	Specifies whether or not the configuration is active or deactivated Choices: `false` `true` ← (default)
aggregate aliases: users, collection list / elements=dictionary	The `aggregate` argument defines a list of users to be configured on the remote device. The list of users will be compared against the current users and only changes will be added or removed from the device configuration. This argument is mutually exclusive with the name argument.
active boolean	Specifies whether or not the configuration is active or deactivated Choices: `false` `true`
encrypted_password string	The `encrypted_password` argument set already hashed password for the user account on the remote system.
full_name string	The `full_name` argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
name string / required	The `name` argument defines the username of the user to be created on the system. This argument must follow appropriate usernaming conventions for the target device running JUNOS. This argument is mutually exclusive with the `aggregate` argument.
purge boolean	The `purge` argument instructs the module to consider the users definition absolute. It will remove any previously configured users on the device with the exception of the current defined set of aggregate. Choices: `false` ← (default) `true`
role string	The `role` argument defines the role of the user account on the remote system. User accounts can have more than one role configured. Choices: `"operator"` `"read-only"` `"super-user"` `"unauthorized"`
sshkey string	The `sshkey` argument defines the public SSH key to be configured for the user account on the remote system. This argument must be a valid SSH key
state string	The `state` argument configures the state of the user definitions as it relates to the device operational configuration. When set to present, the user should be configured in the device active configuration and when set to absent the user should not be in the device active configuration Choices: `"present"` `"absent"`
encrypted_password string	The `encrypted_password` argument set already hashed password for the user account on the remote system.
full_name string	The `full_name` argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
name string	The `name` argument defines the username of the user to be created on the system. This argument must follow appropriate usernaming conventions for the target device running JUNOS. This argument is mutually exclusive with the `aggregate` argument.
purge boolean	The `purge` argument instructs the module to consider the users definition absolute. It will remove any previously configured users on the device with the exception of the current defined set of aggregate. Choices: `false` ← (default) `true`
role string	The `role` argument defines the role of the user account on the remote system. User accounts can have more than one role configured. Choices: `"operator"` `"read-only"` `"super-user"` `"unauthorized"`
sshkey string	The `sshkey` argument defines the public SSH key to be configured for the user account on the remote system. This argument must be a valid SSH key
state string	The `state` argument configures the state of the user definitions as it relates to the device operational configuration. When set to present, the user should be configured in the device active configuration and when set to absent the user should not be in the device active configuration Choices: `"present"` ← (default) `"absent"`

Notes 

Note

This module requires the netconf system service be enabled on the remote device being managed.
Tested against vSRX JUNOS version 15.1X49-D15.4, vqfx-10000 JUNOS Version 15.1X53-D60.4.
Recommended connection is netconf. See the Junos OS Platform Options.
This module also works with local connections for legacy playbooks.
For information on using CLI and netconf see the :ref:`Junos OS Platform Options guide <junos_platform_options>`
For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide <network_guide>`
For more information on using Ansible to manage Juniper network devices see https://www.ansible.com/ansible-juniper.

Examples 

- name: create new user account
  junipernetworks.junos.junos_user:
    name: ansible
    role: super-user
    sshkey: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
    state: present

- name: remove a user account
  junipernetworks.junos.junos_user:
    name: ansible
    state: absent

- name: remove all user accounts except ansible
  junipernetworks.junos.junos_user:
    aggregate:
      - name: ansible
    purge: true

- name: set user password
  junipernetworks.junos.junos_user:
    name: ansible
    role: super-user
    encrypted_password: "{{ 'my-password' | password_hash('sha512') }}"
    state: present

- name: Create list of users
  junipernetworks.junos.junos_user:
    aggregate:
      - {name: test_user1, full_name: test_user2, role: operator, state: present}
      - {name: test_user2, full_name: test_user2, role: read-only, state: present}

- name: Delete list of users
  junipernetworks.junos.junos_user:
    aggregate:
      - {name: test_user1, full_name: test_user2, role: operator, state: absent}
      - {name: test_user2, full_name: test_user2, role: read-only, state: absent}

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
diff.prepared string	Configuration difference before and after applying change. Returned: when configuration is changed and diff option is enabled. Sample: `"[edit system login] + user test-user { + uid 2005; + class read-only; + }\n"`

Authors

Peter Sprygada (@privateip)

junipernetworks.junos.junos_user module – Manage local user accounts on Juniper JUNOS devices

Synopsis

Requirements

Parameters

Notes

Examples

Return Values