dellemc.enterprise_sonic.sonic_tacacs_server module – Manage TACACS server and its parameters

Note

This module is part of the dellemc.enterprise_sonic collection (version 2.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.

To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_tacacs_server.

New in dellemc.enterprise_sonic 1.1.0

Synopsis

  • This module provides configuration management of tacacs server parameters on devices running Enterprise SONiC.

Note

This module has a corresponding action plugin.

Parameters

Parameter

Comments

config

dictionary

Specifies the tacacs server related configuration.

auth_type

string

Specifies the authentication type of the tacacs server.

Choices:

  • "pap" ← (default)

  • "chap"

  • "mschap"

  • "login"

key

string

Specifies the key of the tacacs server.

servers

dictionary

Specifies the servers list of the tacacs server.

host

list / elements=dictionary

Specifies the host details of the tacacs servers list.

auth_type

string

Specifies the authentication type of the tacacs server host.

Choices:

  • "pap" ← (default)

  • "chap"

  • "mschap"

  • "login"

key

string

Specifies the key of the tacacs server host.

name

string

Specifies the name of the tacacs server host.

port

integer

Specifies the port of the tacacs server host.

Default: 49

priority

integer

Specifies the priority of the tacacs server host.

Default: 1

timeout

integer

Specifies the timeout of the tacacs server host.

Default: 5

vrf

string

Specifies the vrf of the tacacs server host.

Default: "default"

source_interface

string

Specifies the source interface of the tacacs server.

timeout

integer

Specifies the timeout of the tacacs server.

Default: 5

state

string

Specifies the operation to be performed on the tacacs server configured on the device.

In case of merged, the input mode configuration will be merged with the existing tacacs server configuration on the device.

In case of deleted the existing tacacs server mode configuration will be removed from the device.

In case of replaced, the existing tacacs server configuration will be replaced with provided configuration.

In case of overridden, the existing tacacs server configuration will be overridden with the provided configuration.

Choices:

  • "merged" ← (default)

  • "replaced"

  • "overridden"

  • "deleted"

Notes

Note

  • Tested against Enterprise SONiC Distribution by Dell Technologies.

  • Supports check_mode.

Examples

# Using deleted
#
# Before state:
# -------------
#
# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface  : Ethernet12
#timeout    : 10
#auth-type  : login
#key        : login
#------------------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE       KEY        PORT       PRIORITY   TIMEOUT    VRF
#------------------------------------------------------------------------------------------------
#1.2.3.4              pap             *****      50         2          10         mgmt
#localhost            pap                        49         1          5          default
#

- name: Merge tacacs configurations
  dellemc.enterprise_sonic.sonic_tacacs_server:
    config:
      auth_type: login
      key: login
      source_interface: Ethernet 12
      timeout: 10
      servers:
        host:
          - name: 1.2.3.4
    state: deleted

# After state:
# ------------
#
#do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#timeout    : 5
#auth-type  : pap
#------------------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE       KEY        PORT       PRIORITY   TIMEOUT    VRF
#------------------------------------------------------------------------------------------------
#localhost            pap                        49         1          5          default


# Using deleted
#
# Before state:
# -------------
#
# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface  : Ethernet12
#timeout    : 10
#auth-type  : login
#key        : login
#------------------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE       KEY        PORT       PRIORITY   TIMEOUT    VRF
#------------------------------------------------------------------------------------------------
#1.2.3.4              pap             *****      50         2          10         mgmt
#localhost            pap                        49         1          5          default
#

- name: Merge tacacs configurations
  dellemc.enterprise_sonic.sonic_tacacs_server:
    config:
    state: deleted

# After state:
# ------------
#
#do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#timeout    : 5
#auth-type  : pap


# Using merged
#
# Before state:
# -------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#
- name: Merge tacacs configurations
  dellemc.enterprise_sonic.sonic_tacacs_server:
    config:
      auth_type: pap
      key: pap
      source_interface: Ethernet 12
      timeout: 10
      servers:
        host:
          - name: 1.2.3.4
            auth_type: pap
            key: 1234
    state: merged

# After state:
# ------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface  : Ethernet12
#timeout    : 10
#auth-type  : pap
#key        : pap
#------------------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE       KEY        PORT       PRIORITY   TIMEOUT    VRF
#------------------------------------------------------------------------------------------------
#1.2.3.4              pap             1234       49         1          5          default
#
# Using replaced
#
# Before state:
# -------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface  : Ethernet12
#timeout           : 10
#auth-type         : pap
#key configured    : Yes
#--------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE    KEY-CONFIG PORT       PRIORITY   TIMEOUT    VRF
#--------------------------------------------------------------------------------------
#1.2.3.4              pap          No         49         1          5          default
#
- name: Replace tacacs configurations
  sonic_tacacs_server:
    config:
      auth_type: pap
      key: pap
      source_interface: Ethernet12
      timeout: 10
      servers:
        - host:
            name: 1.2.3.4
            auth_type: mschap
            key: 1234
    state: replaced
#
# After state:
# ------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface  : Ethernet12
#timeout           : 10
#auth-type         : pap
#key configured    : Yes
#--------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE    KEY-CONFIG PORT       PRIORITY   TIMEOUT    VRF
#--------------------------------------------------------------------------------------
#1.2.3.4              mschap       Yes        49         1          5          default
#
# Using overridden
#
# Before state:
# -------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface  : Ethernet12
#timeout           : 10
#auth-type         : pap
#key configured    : Yes
#--------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE    KEY-CONFIG PORT       PRIORITY   TIMEOUT    VRF
#--------------------------------------------------------------------------------------
#1.2.3.4              pap          No         49         1          5          default
#11.12.13.14          chap         Yes        49         10         5          default
#
- name: Override tacacs configurations
  sonic_tacacs_server:
    config:
      auth_type: mschap
      key: mschap
      source_interface: Ethernet12
      timeout: 20
      servers:
        - host:
            name: 1.2.3.4
            auth_type: mschap
            key: mschap
        - host:
            name: 10.10.11.12
            auth_type: chap
            timeout: 30
            priority: 2
    state: overridden
#
# After state:
# ------------
#
#sonic(config)# do show tacacs-server
#---------------------------------------------------------
#TACACS Global Configuration
#---------------------------------------------------------
#source-interface  : Ethernet12
#timeout           : 20
#auth-type         : mschap
#key configured    : Yes
#--------------------------------------------------------------------------------------
#HOST                 AUTH-TYPE    KEY-CONFIG PORT       PRIORITY   TIMEOUT    VRF
#--------------------------------------------------------------------------------------
#1.2.3.4              mschap       Yes        49         1          5          default
#10.10.11.12          chap         No         49         2          30         default
#

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

after

list / elements=string

The resulting configuration model invocation.

Returned: when changed

Sample: ["The configuration returned will always be in the same format\n of the parameters above.\n"]

before

list / elements=string

The configuration prior to the model invocation.

Returned: always

Sample: ["The configuration returned will always be in the same format\n of the parameters above.\n"]

commands

list / elements=string

The set of commands pushed to the remote device.

Returned: always

Sample: ["command 1", "command 2", "command 3"]

Authors

  • Niraimadaiselvam M (@niraimadaiselvamm)