dellemc.enterprise_sonic.sonic_login_lockout module – Manage Global Login Lockout configurations on SONiC

Note

This module is part of the dellemc.enterprise_sonic collection (version 3.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.

To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_login_lockout.

New in dellemc.enterprise_sonic 2.5.0

Synopsis

  • This module provides configuration management of login lockout parameters.

  • The Login Lockout feature locks out a user account for user-lockout-period after max-retry failed login attempts. The console exempt option can be enabled to skip the login lockout validations for console users.

Parameters

Parameter (type): Comments

config (dictionary): The set of login lockout attribute configurations.

  • console_exempt (boolean): Exempt console logins from account lockout. Choices: false, true.

  • max_retries (integer): The maximum number of password retries. The range is from 0 to 16.

  • period (integer): Account lockout period in minutes. The range is from 0 to 43200.

state (string): Specifies the operation to be performed on the login attributes configured on the device.

If the state is “merged”, merge the specified attributes with the existing configured login attributes.

For “deleted”, delete the specified login attributes from the existing configuration.

For “overridden”, override all on-device login lockout configurations with the provided configuration.

For “replaced”, replace the on-device login lockout configurations with the provided configuration.

Choices:

  • "merged" ← (default)

  • "deleted"

  • "overridden"

  • "replaced"

Examples

# Using deleted
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# !
# login lockout period 12
# login lockout max-retries 5
# login lockout console-exempt
# !

  - name: Delete Login Lockout configurations
    dellemc.enterprise_sonic.sonic_login_lockout:
      config:
        period: 12
        max_retries: 5
      state: deleted

# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout console-exempt
# !
# sonic#


# Using merged
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# sonic#

  - name: Modify Login Lockout configurations
    dellemc.enterprise_sonic.sonic_login_lockout:
      config:
        console_exempt: true
        period: 12
        max_retries: 5
      state: merged

# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout period 12
# login lockout max-retries 5
# login lockout console-exempt
# !

# Using overridden
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# !
# login lockout period 10
# login lockout max-retries 2
# !
# sonic#

  - name: Override Login Lockout configurations
    dellemc.enterprise_sonic.sonic_login_lockout:
      config:
        console_exempt: true
        period: 11
        max_retries: 3
      state: overridden

# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout period 11
# login lockout max-retries 3
# login lockout console-exempt
# !

# Using replaced
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# !
# login lockout period 10
# login lockout max-retries 2
# !
# sonic#

  - name: Replace Login Lockout configurations
    dellemc.enterprise_sonic.sonic_login_lockout:
      config:
        period: 15
      state: replaced

# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout period 15
# !
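
An added example (not part of the dellemc.enterprise_sonic collection): a small Python audit that parses the `show running-configuration | grep lockout` output used in the examples above and checks it against a site baseline. The baseline thresholds and the function names are assumptions, and the two sample outputs are constructed copies of the "After State" listings for merged and replaced.

```python
import re

# Value ranges documented for the module's period and max_retries parameters.
RANGES = {"period": (0, 43200), "max-retries": (0, 16)}
# Hypothetical site baseline: an assumption, not a vendor recommendation.
BASELINE = {"min_period": 10, "max_retries": 5, "allow_console_exempt": False}
LINE = re.compile(r"^login lockout (period|max-retries|console-exempt)(?:\s+(\d+))?$")

# Constructed samples that copy two "After State" outputs shown above.
MERGED_AFTER = "!\nlogin lockout period 12\nlogin lockout max-retries 5\nlogin lockout console-exempt\n!"
REPLACED_AFTER = "!\nlogin lockout period 15\n!"


def parse_lockout(output):
    """Parse 'show running-configuration | grep lockout' text into a dict."""
    cfg = {"period": None, "max-retries": None, "console-exempt": False}
    for raw in output.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # '!' separators, prompts and unrelated lines
        key, value = match.groups()
        if key == "console-exempt":
            cfg[key] = True
        elif value is not None:
            cfg[key] = int(value)
    return cfg


def audit(cfg, baseline=BASELINE):
    """Return findings as strings; an empty list means the baseline is met."""
    findings = []
    for key, (low, high) in RANGES.items():
        if cfg[key] is None:
            findings.append(f"{key} is not configured")
        elif not low <= cfg[key] <= high:
            findings.append(f"{key} {cfg[key]} is outside {low}-{high}")
    if cfg["period"] is not None and cfg["period"] < baseline["min_period"]:
        findings.append(f"period {cfg['period']} is below the baseline minimum")
    if cfg["max-retries"] is not None and cfg["max-retries"] > baseline["max_retries"]:
        findings.append(f"max-retries {cfg['max-retries']} exceeds the baseline")
    if cfg["console-exempt"] and not baseline["allow_console_exempt"]:
        findings.append("console logins are exempt from lockout")
    return findings


if __name__ == "__main__":
    for name, text in (("merged", MERGED_AFTER), ("replaced", REPLACED_AFTER)):
        print(name, audit(parse_lockout(text)) or "OK")
```

Run against the replaced sample, the audit reports that max-retries is no longer configured, which is the side effect to watch for when a replaced or overridden task lists only some of the attributes.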

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key (type): Description

  • after (dictionary): The resulting configuration after the module invocation.

    Returned: when changed

    Sample: "The configuration returned will always be in the same format as the parameters above.\n"

  • before (dictionary): The configuration prior to the module invocation.

    Returned: always

    Sample: "The configuration returned will always be in the same format as the parameters above.\n"

  • commands (list / elements=string): The set of commands pushed to the remote device.

    Returned: always

    Sample: ["command 1", "command 2", "command 3"]

Authors

  • Arul Kumar Shankara Narayanan (@arulkumar9690)