dellemc.enterprise_sonic.sonic_login_lockout module – Manage Global Login Lockout configurations on SONiC
Note
This module is part of the dellemc.enterprise_sonic collection (version 3.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic
.
To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_login_lockout
.
New in dellemc.enterprise_sonic 2.5.0
Synopsis
This module provides configuration management of login lockout parameters.
Login Lockout feature is to lock out the user account for user-lockout-period after the max-retry failed attempts. Console exempt option can be enabled to skip the login lockout validations for console users.
Parameters
Parameter |
Comments |
---|---|
The set of login lockout attribute configurations |
|
Exempt console logins from account lockout. Choices:
|
|
The number of maximum password retries. The range is from 0 to 16 |
|
Account lockout period in minutes The range is from 0 to 43200 |
|
Specifies the operation to be performed on the login attributes configured on the device. If the state is “merged”, merge specified attributes with existing configured login attributes. For “deleted”, delete the specified login attributes from existing configuration. For “overridden”, Overrides all on-device login lockout configurations with the provided configuration. For “replaced”, Replaces on-device login lockout configurations with the provided configuration. Choices:
|
Examples
# Using deleted
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# !
# login lockout period 12
# login lockout max-retries 5
# login lockout console-exempt
# !
- name: Delete Login Lockout configurations
dellemc.enterprise_sonic.sonic_login_lockout:
config:
period: 12
max_retries : 5
state: deleted
# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout console-exempt
# !
# sonic#
# Using merged
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# sonic#
- name: Modify Login Lockout configurations
dellemc.enterprise_sonic.sonic_login_lockout:
config:
console_exempt: true
period: 12
max_retries : 5
state: merged
# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout period 12
# login lockout max-retries 5
# login lockout console-exempt
# !
# Using overridden
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# !
# login lockout period 10
# login lockout max-retries 2
# !
# sonic#
- name: Override Login Lockout configurations
dellemc.enterprise_sonic.sonic_login_lockout:
config:
console_exempt: true
period: 11
max_retries : 3
state: overridden
# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout period 11
# login lockout max-retries 3
# login lockout console-exempt
# !
# Using replaced
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep lockout
# !
# login lockout period 10
# login lockout max-retries 2
# !
# sonic#
- name: Replace Login Lockout configurations
dellemc.enterprise_sonic.sonic_login_lockout:
config:
period: 15
state: replaced
# After State:
# ------------
# sonic# show running-configuration | grep lockout
# !
# login lockout period 15
# !
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The resulting configuration module invocation. Returned: when changed Sample: |
|
The configuration prior to the module invocation. Returned: always Sample: |
|
The set of commands pushed to the remote device. Returned: always Sample: |