community.network.ce_aaa_server – Manages AAA server global configuration on HUAWEI CloudEngine switches.

Note

This plugin is part of the community.network collection (version 3.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.ce_aaa_server.

Synopsis

  • Manages AAA server global configuration on HUAWEI CloudEngine switches.

Parameters

Parameter Choices/Defaults Comments
accounting_mode
string
    Choices:
  • invalid
  • hwtacacs
  • radius
  • none ←
Accounting Mode.
acct_scheme_name
string
Accounting scheme name. The value is a string of 1 to 32 characters.
authen_scheme_name
string
Name of an authentication scheme. The value is a string of 1 to 32 characters.
author_scheme_name
string
Name of an authorization scheme. The value is a string of 1 to 32 characters.
domain_name
string
Name of a domain. The value is a string of 1 to 64 characters.
first_authen_mode
string
    Choices:
  • invalid
  • local ←
  • hwtacacs
  • radius
  • none
Preferred authentication mode.
first_author_mode
string
    Choices:
  • invalid
  • local ←
  • hwtacacs
  • if-authenticated
  • none
Preferred authorization mode.
hwtacas_template
string
Name of a HWTACACS template. The value is a string of 1 to 32 case-insensitive characters.
local_user_group
string
Name of the user group where the user belongs. The user inherits all the rights of the user group. The value is a string of 1 to 32 characters.
radius_server_group
string
RADIUS server group's name. The value is a string of 1 to 32 case-insensitive characters.
state
string
    Choices:
  • absent
  • present ←
Specify desired state of the resource.

Notes

Note

  • This module requires the netconf system service be enabled on the remote device being managed.

  • Recommended connection is netconf.

  • This module also works with local connections for legacy playbooks.

Examples

- name: AAA server test
  hosts: cloudengine
  connection: local
  gather_facts: no
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      port: "{{ ansible_ssh_port }}"
      username: "{{ username }}"
      password: "{{ password }}"
      transport: cli

  tasks:

  - name: "Radius authentication Server Basic settings"
    community.network.ce_aaa_server:
      state: present
      authen_scheme_name: test1
      first_authen_mode: radius
      radius_server_group: test2
      provider: "{{ cli }}"

  - name: "Undo radius authentication Server Basic settings"
    community.network.ce_aaa_server:
      state: absent
      authen_scheme_name: test1
      first_authen_mode: radius
      radius_server_group: test2
      provider: "{{ cli }}"

  - name: "Hwtacacs accounting Server Basic settings"
    community.network.ce_aaa_server:
      state: present
      acct_scheme_name: test1
      accounting_mode: hwtacacs
      hwtacas_template: test2
      provider: "{{ cli }}"

  - name: "Undo hwtacacs accounting Server Basic settings"
    community.network.ce_aaa_server:
      state: absent
      acct_scheme_name: test1
      accounting_mode: hwtacacs
      hwtacas_template: test2
      provider: "{{ cli }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
changed
boolean
always
check to see if a change was made on the device

Sample:
True
end_state
dictionary
always
k/v pairs of aaa params after module execution

Sample:
{'accounting scheme': [['hwtacacs', 'test1']], 'hwtacacs template': ['huawei', 'test2']}
existing
dictionary
always
k/v pairs of existing aaa server

Sample:
{'accounting scheme': [['hwtacacs'], ['default']], 'hwtacacs template': ['huawei']}
proposed
dictionary
always
k/v pairs of parameters passed into module

Sample:
{'accounting_mode': 'hwtacacs', 'acct_scheme_name': 'test1', 'hwtacas_template': 'test2', 'state': 'present'}
updates
list / elements=string
always
command sent to the device

Sample:
['accounting-scheme test1', 'accounting-mode hwtacacs', 'hwtacacs server template test2', 'hwtacacs enable']


Authors

  • wangdezhuang (@QijunPan)