dellemc.enterprise_sonic.sonic_aaa module – Manage AAA configuration on SONiC
Note
This module is part of the dellemc.enterprise_sonic collection (version 3.0.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install dellemc.enterprise_sonic`.
To use it in a playbook, specify: `dellemc.enterprise_sonic.sonic_aaa`.
New in dellemc.enterprise_sonic 1.1.0
Synopsis
This module provides configuration management of AAA for devices running SONiC.
Note
This module has a corresponding action plugin.
Parameters
| Parameter | Comments |
|---|---|
| config | AAA configuration. For all lists in the module, the list items should be specified in order of desired priority. List items specified first have the highest priority. |
| config.authentication | AAA authentication configuration |
| config.authentication.auth_method | Specifies the order of the methods in which to authenticate login |
| config.authentication.console_auth_local | Enable/disable local authentication on console |
| config.authentication.failthrough | Enable/disable failthrough |
| config.authorization | AAA authorization configuration |
| config.authorization.commands_auth_method | Specifies the order of the methods in which to authorize commands |
| config.authorization.login_auth_method | Specifies the order of the methods in which to authorize login |
| config.name_service | AAA name-service configuration |
| config.name_service.group | Name-service source for group method |
| config.name_service.netgroup | Name-service source for netgroup method |
| config.name_service.passwd | Name-service source for passwd method |
| config.name_service.shadow | Name-service source for shadow method |
| config.name_service.sudoers | Name-service source for sudoers method |
| state | The state of the configuration after module completion |
Notes
Note
Tested against Enterprise SONiC Distribution by Dell Technologies.
Supports check_mode.
Examples
# Using Merged
#
# Before state:
# -------------
#
# sonic# show aaa
# (No AAA configuration present)
- name: Merge AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        auth_method:
          - local
          - ldap
          - radius
          - tacacs+
        console_auth_local: True
        failthrough: True
      authorization:
        commands_auth_method:
          - local
          - tacacs+
        login_auth_method:
          - local
          - ldap
      name_service:
        group:
          - ldap
        netgroup:
          - local
        passwd:
          - login
        shadow:
          - ldap
        sudoers:
          - local
    state: merged
# After state:
# ------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap, radius, tacacs+
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
# Using Replaced
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap, radius, tacacs+
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
- name: Replace AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        console_auth_local: True
        failthrough: False
      authorization:
        commands_auth_method:
          - local
      name_service:
        group:
          - ldap
    state: replaced
# After state:
# ------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : False
# login-method :
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# Using Overridden
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap, radius, tacacs+
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
- name: Override AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        auth_method:
          - tacacs+
        console_auth_local: True
        failthrough: True
    state: overridden
# After state:
# ------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : tacacs+
# console authentication : local
# Using Deleted
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap, radius, tacacs+
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
- name: Delete AAA individual attributes
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        auth_method:
          - local
          - ldap
          - radius
          - tacacs+
        console_auth_local: True
        failthrough: True
      authorization:
        commands_auth_method:
          - local
          - tacacs+
        login_auth_method:
          - local
          - ldap
      name_service:
        group:
          - ldap
        netgroup:
          - local
        passwd:
          - login
        shadow:
          - ldap
        sudoers:
          - local
    state: deleted
# After state:
# ------------
#
# sonic# show aaa
# (No AAA configuration present)
# Using Deleted
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap, radius, tacacs+
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
- name: Delete all AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config: {}
    state: deleted
# After state:
# ------------
#
# sonic# show aaa
# (No AAA configuration present)
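
A rollout pattern that combines the priority-ordered method list with the module's check_mode support, given here as an added example that is not part of the module's own documentation. The inventory group `sonic_switches`, the variable `aaa_config`, and the policy that `local` must remain in the login methods are assumptions; connection settings are expected to come from inventory.

```yaml
- name: Preview, guard, then apply an AAA method order
  hosts: sonic_switches            # assumed inventory group
  gather_facts: false
  vars:
    # Assumed variable holding the desired AAA settings.
    # List order is priority order: tacacs+ is tried first, then local.
    aaa_config:
      authentication:
        auth_method:
          - tacacs+
          - local
        console_auth_local: true
        failthrough: true
  tasks:
    # Assumed local policy, not a module requirement: never push a login
    # method list without a local fallback, and keep console login local.
    - name: Refuse a configuration that has no local fallback
      ansible.builtin.assert:
        that:
          - "'local' in aaa_config.authentication.auth_method"
          - aaa_config.authentication.console_auth_local | bool
        fail_msg: "AAA config would leave no local login path"

    # check_mode makes the module report what it would do without
    # changing the device.
    - name: Dry run of the merge
      dellemc.enterprise_sonic.sonic_aaa:
        config: "{{ aaa_config }}"
        state: merged
      check_mode: true
      register: aaa_preview

    - name: Show the dry-run result for review
      ansible.builtin.debug:
        var: aaa_preview

    # Only touch the device when the dry run reported a difference.
    - name: Apply the merge
      dellemc.enterprise_sonic.sonic_aaa:
        config: "{{ aaa_config }}"
        state: merged
      when: aaa_preview is changed
```

The same dry-run step is most useful before `replaced`, `overridden` or `deleted`, since the examples above show those states removing settings that are not listed in the task.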
Return Values
Common return values are documented here; the following are the fields unique to this module:

| Key | Description |
|---|---|
| | The resulting configuration module invocation. Returned: when changed |
| | The generated configuration module invocation. Returned: when |
| | The configuration prior to the module invocation. Returned: always |
| | The set of commands pushed to the remote device. Returned: always |