community.vmware.vmware_local_role_info module – Gather info about local roles on an ESXi host

Note

This module is part of the community.vmware collection (version 2.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.vmware.

To use it in a playbook, specify: community.vmware.vmware_local_role_info.

Synopsis

  • This module can be used to gather information about local role info on an ESXi host

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6

  • PyVmomi

Parameters

Parameter

Comments

hostname

string

The hostname or IP address of the vSphere vCenter or ESXi server.

If the value is not specified in the task, the value of environment variable VMWARE_HOST will be used instead.

Environment variable support added in Ansible 2.6.

password

aliases: pass, pwd

string

The password of the vSphere vCenter or ESXi server.

If the value is not specified in the task, the value of environment variable VMWARE_PASSWORD will be used instead.

Environment variable support added in Ansible 2.6.

port

integer

The port number of the vSphere vCenter or ESXi server.

If the value is not specified in the task, the value of environment variable VMWARE_PORT will be used instead.

Environment variable support added in Ansible 2.6.

Default: 443

proxy_host

string

Address of a proxy that will receive all HTTPS requests and relay them.

The format is a hostname or a IP.

If the value is not specified in the task, the value of environment variable VMWARE_PROXY_HOST will be used instead.

This feature depends on a version of pyvmomi greater than v6.7.1.2018.12

proxy_port

integer

Port of the HTTP proxy that will receive all HTTPS requests and relay them.

If the value is not specified in the task, the value of environment variable VMWARE_PROXY_PORT will be used instead.

username

aliases: admin, user

string

The username of the vSphere vCenter or ESXi server.

If the value is not specified in the task, the value of environment variable VMWARE_USER will be used instead.

Environment variable support added in Ansible 2.6.

validate_certs

boolean

Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted.

If the value is not specified in the task, the value of environment variable VMWARE_VALIDATE_CERTS will be used instead.

Environment variable support added in Ansible 2.6.

If set to true, please make sure Python >= 2.7.9 is installed on the given machine.

Choices:

  • no

  • yes ← (default)

Notes

Note

  • Tested on ESXi 6.5

  • Be sure that the ESXi user used for login, has the appropriate rights to view roles

  • The module returns a list of dict in version 2.8 and above.

  • All modules requires API write access and hence is not supported on a free ESXi license.

Examples

- name: Gather info about local role from an ESXi
  community.vmware.vmware_local_role_info:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
  register: fact_details
  delegate_to: localhost
- name: Get Admin privileges
  set_fact:
    admin_priv: "{{ fact_details.local_role_info | selectattr('role_name', 'equalto', 'Admin') | map(attribute='privileges') | first  }}"
- debug:
    msg: "{{ admin_priv }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

local_role_info

list / elements=string

A list of dict about role information present on ESXi host

Returned: always

Sample: [{“privileges”: [“Alarm.Acknowledge”, “Alarm.Create”, “Alarm.Delete”, “Alarm.DisableActions”], “role_id”: -12, “role_info_label”: “Ansible User”, “role_info_summary”: “Ansible Automation user”, “role_name”: “AnsiUser1”, “role_system”: true}, {“privileges”: [], “role_id”: -5, “role_info_label”: “No access”, “role_info_summary”: “Used for restricting granted access”, “role_name”: “NoAccess”, “role_system”: true}, {“privileges”: [“System.Anonymous”, “System.View”], “role_id”: -3, “role_info_label”: “View”, “role_info_summary”: “Visibility access (cannot be granted)”, “role_name”: “View”, “role_system”: true}]

Authors

  • Abhijeet Kasurde (@Akasurde)