dellemc.enterprise_sonic.sonic_aaa module – Manage AAA configuration on SONiC
Note
This module is part of the dellemc.enterprise_sonic collection (version 3.2.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.
To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_aaa.
New in dellemc.enterprise_sonic 1.1.0
Synopsis
This module provides configuration management of AAA for devices running SONiC.
Parameters
| Parameter | Comments |
|---|---|
| config | AAA configuration. For all lists in the module, the list items should be specified in order of desired priority. List items specified first have the highest priority. |
| config.authentication | AAA authentication configuration |
| config.authentication.auth_method | Specifies the order of the methods in which to authenticate login. Any 1 choice may be specified or 2 choices consisting of local and another group may be specified. MFA is not applicable when Choices: |
| config.authentication.console_auth_local | Enable/disable local authentication on console Choices: |
| config.authentication.failthrough | Enable/disable failthrough Choices: |
| config.authentication.login_mfa_console | Enable/disable MFA method for console access. Choices: |
| config.authentication.mfa_auth_method | Specifies RSA SecurID as multi-factor authentication method. Choices: |
| config.authorization | AAA authorization configuration |
| config.authorization.commands_auth_method | Specifies the order of the methods in which to authorize commands Choices: |
| config.authorization.login_auth_method | Specifies the order of the methods in which to authorize login Choices: |
| config.name_service | AAA name-service configuration |
| config.name_service.group | Name-service source for group method Choices: |
| config.name_service.netgroup | Name-service source for netgroup method Choices: |
| config.name_service.passwd | Name-service source for passwd method Choices: |
| config.name_service.shadow | Name-service source for shadow method Choices: |
| config.name_service.sudoers | Name-service source for sudoers method Choices: |
| state | The state of the configuration after module completion Choices: |
Notes
Note
Tested against Enterprise SONiC Distribution by Dell Technologies
Supports check_mode
Examples
```yaml
# Using "merged" state
#
# Before state:
# -------------
#
# sonic# show aaa
# (No AAA configuration present)
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : None
# Console Exempted : None
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None

- name: Merge AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        auth_method:
          - local
          - ldap
        console_auth_local: true
        failthrough: true
        mfa_auth_method: 'rsa-securid'
        login_mfa_console: true
      authorization:
        commands_auth_method:
          - local
          - tacacs+
        login_auth_method:
          - local
          - ldap
      name_service:
        group:
          - ldap
        netgroup:
          - local
        passwd:
          - login
        shadow:
          - ldap
        sudoers:
          - local
    state: merged

# After state:
# ------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap
# login-mfa : rsa-securid
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : rsa-securid
# Console Exempted : No
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None
```
```yaml
# Using "replaced" state
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap
# login-mfa : rsa-securid
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : rsa-securid
# Console Exempted : No
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None

- name: Replace AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        auth_method:
          - cac-piv
          - local
        console_auth_local: true
        failthrough: false
      authorization:
        commands_auth_method:
          - local
      name_service:
        group:
          - ldap
    state: replaced

# After state:
# ------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : False
# login-method : cac-piv, local
# login-mfa : None
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : None
# Console Exempted : None
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None
```
```yaml
# Using "overridden" state
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap
# login-mfa : rsa-securid
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : rsa-securid
# Console Exempted : Yes
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None

- name: Override AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        auth_method:
          - tacacs+
        console_auth_local: true
        failthrough: true
        mfa_auth_method: 'rsa-securid'
        login_mfa_console: true
    state: overridden

# After state:
# ------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : tacacs+
# login-mfa : rsa-securid
# console authentication : local
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : rsa-securid
# Console Exempted : No
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None
```
```yaml
# Using "deleted" state
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap
# login-mfa : rsa-securid
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : rsa-securid
# Console Exempted : No
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None

- name: Delete AAA individual attributes
  dellemc.enterprise_sonic.sonic_aaa:
    config:
      authentication:
        auth_method:
          - local
          - ldap
        console_auth_local: true
        failthrough: true
        mfa_auth_method: 'rsa-securid'
        login_mfa_console: true
      authorization:
        commands_auth_method:
          - local
          - tacacs+
        login_auth_method:
          - local
          - ldap
      name_service:
        group:
          - ldap
        netgroup:
          - local
        passwd:
          - login
        shadow:
          - ldap
        sudoers:
          - local
    state: deleted

# After state:
# ------------
#
# sonic# show aaa
# (No AAA configuration present)
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : None
# Console Exempted : None
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None
```
```yaml
# Using "deleted" state
#
# Before state:
# -------------
#
# sonic# show aaa
# ---------------------------------------------------------
# AAA Authentication Information
# ---------------------------------------------------------
# failthrough : True
# login-method : local, ldap
# login-mfa : rsa-securid
# console authentication : local
# ---------------------------------------------------------
# AAA Authorization Information
# ---------------------------------------------------------
# login : local, ldap
# commands : local, tacacs+
# ---------------------------------------------------------
# AAA Name-Service Information
# ---------------------------------------------------------
# group-method : ldap
# netgroup-method : local
# passwd-method : login
# shadow-method : ldap
# sudoers-method : local
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : rsa-securid
# Console Exempted : Yes
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None

- name: Delete all AAA configuration
  dellemc.enterprise_sonic.sonic_aaa:
    config: {}
    state: deleted

# After state:
# ------------
#
# sonic# show aaa
# (No AAA configuration present)
#
# sonic# show mfa
# ---------------------------------------------------------
# Multi-factor Authentication Information
# ---------------------------------------------------------
# MFA Authentication : None
# Console Exempted : None
# MFA Service Security Profile : None
# RSA SecurID Security Profile : None
```
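A drift audit built on the module's check_mode support and the "overridden" state, added here as an example and not part of the module's own documentation. The inventory group `sonic_switches`, the variable names and the baseline itself are assumptions; the baseline settings reuse values shown in the examples above.

```yaml
---
# Added example: detect AAA drift without changing the device.
# "sonic_switches" is an assumed inventory group; the baseline is
# illustrative and reuses settings from the module's own examples.
- name: Audit SONiC AAA configuration against a baseline
  hosts: sonic_switches
  gather_facts: false
  vars:
    aaa_baseline:
      authentication:
        auth_method:
          - tacacs+
        console_auth_local: true
        failthrough: true
      authorization:
        commands_auth_method:
          - local
          - tacacs+
  tasks:
    # "overridden" treats the baseline as the complete AAA configuration,
    # so any extra method left on the device also counts as a change.
    - name: Compute what "overridden" would change (check mode, nothing is pushed)
      dellemc.enterprise_sonic.sonic_aaa:
        config: "{{ aaa_baseline }}"
        state: overridden
      check_mode: true
      register: aaa_audit

    - name: Show the module result for review when a change is pending
      ansible.builtin.debug:
        var: aaa_audit
      when: aaa_audit is changed

    - name: Fail the run if the device has drifted from the baseline
      ansible.builtin.assert:
        that:
          - aaa_audit is not changed
        fail_msg: "AAA configuration on {{ inventory_hostname }} differs from the baseline"
        success_msg: "AAA configuration matches the baseline"
```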
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Description |
|---|---|
| | The resulting configuration module invocation. Returned: when changed |
| | The generated configuration module invocation. Returned: when |
| | The configuration prior to the module invocation. Returned: always |
| | The set of commands pushed to the remote device. Returned: always Sample: |