community.vmware.vmware_host_lockdown_exceptions module – Manage Lockdown Mode Exception Users

Note

This module is part of the community.vmware collection (version 6.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.vmware.

To use it in a playbook, specify: community.vmware.vmware_host_lockdown_exceptions.

New in community.vmware 3.1.0

Synopsis

  • This module can be used to manage Lockdown Mode Exception Users.

  • Please specify hostname as vCenter IP or hostname only, as lockdown operations are not possible from standalone ESXi server.

Parameters

Parameter

Comments

cluster_name

string

Name of cluster.

All host systems from given cluster used to manage exception users.

Required parameter, if esxi_hostname is not set.

esxi_hostname

list / elements=string

List of ESXi hostname to manage exception users.

Required parameter, if cluster_name is not set.

exception_users

list / elements=string / required

List of Lockdown Mode Exception Users.

To remove all Exception Users, state=set the empty list.

hostname

string

The hostname or IP address of the vSphere vCenter server.

If the value is not specified in the task, the value of environment variable VMWARE_HOST will be used instead.

password

aliases: pass, pwd

string

The password of the vSphere vCenter server.

If the value is not specified in the task, the value of environment variable VMWARE_PASSWORD will be used instead.

port

integer

The port number of the vSphere vCenter server.

If the value is not specified in the task, the value of environment variable VMWARE_PORT will be used instead.

Default: 443

proxy_host

string

The address of a proxy that will receive all HTTPS requests and relay them.

The format is a hostname or a IP.

If the value is not specified in the task, the value of environment variable VMWARE_PROXY_HOST will be used instead.

proxy_port

integer

The port of the HTTP proxy that will receive all HTTPS requests and relay them.

If the value is not specified in the task, the value of environment variable VMWARE_PROXY_PORT will be used instead.

state

string

If present, make sure the given users are defined as Lockdown Mode Exception Users.

If absent, make sure the given users are NO Lockdown Mode Exception Users.

If set, will replace Lockdown Mode Exception Users defined list of users.

Choices:

  • "present" ← (default)

  • "absent"

  • "set"

username

aliases: admin, user

string

The username of the vSphere vCenter server.

If the value is not specified in the task, the value of environment variable VMWARE_USER will be used instead.

validate_certs

boolean

Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted.

If the value is not specified in the task, the value of environment variable VMWARE_VALIDATE_CERTS will be used instead.

Choices:

  • false

  • true ← (default)

Notes

Note

  • All modules require API write access and hence are not supported on a free ESXi license.

  • All variables and VMware object names are case sensitive.

  • Modules may rely on the ‘requests’ python library, which does not use the system certificate store by default. You can specify the certificate store by setting the REQUESTS_CA_BUNDLE environment variable. Note having this variable set may cause a ‘false’ value for the ‘validate_certs’ option to be ignored in some cases. Example: ‘export REQUESTS_CA_BUNDLE=/path/to/your/ca_bundle.pem’

Examples

- name: Remove all Lockdown Mode Exception Users on a host
  community.vmware.vmware_host_lockdown:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    esxi_hostname: '{{ esxi_hostname }}'
    exception_users: []
    state: set
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

results

dictionary

metadata about exception users of Host systems

Returned: always

Sample: {"host_lockdown_exceptions": {"DC0_C0": {"current_exception_users": [], "desired_exception_users": [], "previous_exception_users": ["root"]}}}

Authors

  • Mario Lenz (@mariolenz)