You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

bigip_user - Manage user accounts and user attributes on a BIG-IP.¶

New in version 2.4.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
- Status

Synopsis ¶

Manage user accounts and user attributes on a BIG-IP.

Requirements (on host that executes module)¶

f5-sdk

Options ¶

parameter	required	default	choices	comments
full_name	no			Full name of the user.
partition_access	no			Specifies the administrative partition to which the user has access. `partition_access` is required when creating a new account. Should be in the form "partition:role". Valid roles include `acceleration-policy-editor`, `admin`, `application-editor`, `auditor` `certificate-manager`, `guest`, `irule-manager`, `manager`, `no-access` `operator`, `resource-admin`, `user-manager`, `web-application-security-administrator`, and `web-application-security-editor`. Partition portion of tuple should be an existing partition or the value 'all'.
password	yes			The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable `F5_PASSWORD` is set.
password_credential	no			Set the users password to this unencrypted value. `password_credential` is required when creating a new account.
server	yes			The BIG-IP host. This option can be omitted if the environment variable `F5_SERVER` is set.
server_port (added in 2.2)	no	443		The BIG-IP server port. This option can be omitted if the environment variable `F5_SERVER_PORT` is set.
shell	no		bash none tmsh	Optionally set the users shell.
state	no	present	present absent	Whether the account should exist or not, taking action if the state is different from what is stated.
update_password	no	on_create	always on_create	`always` will allow to update passwords if the user chooses to do so. `on_create` will only set the password for newly created users.
user	yes			The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable `F5_USER` is set.
username_credential	yes			Name of the user to create, remove or modify. aliases: name
validate_certs (added in 2.0)	no	True	True False	If `no`, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable `F5_VALIDATE_CERTS` is set.

Examples ¶

- name: Add the user 'johnd' as an admin
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      username_credential: "johnd"
      password_credential: "password"
      full_name: "John Doe"
      partition_access: "all:admin"
      update_password: "on_create"
      state: "present"
  delegate_to: localhost

- name: Change the user "johnd's" role and shell
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      username_credential: "johnd"
      partition_access: "NewPartition:manager"
      shell: "tmsh"
      state: "present"
  delegate_to: localhost

- name: Make the user 'johnd' an admin and set to advanced shell
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      name: "johnd"
      partition_access: "all:admin"
      shell: "bash"
      state: "present"
  delegate_to: localhost

- name: Remove the user 'johnd'
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      name: "johnd"
      state: "absent"
  delegate_to: localhost

- name: Update password
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      username_credential: "johnd"
      password_credential: "newsupersecretpassword"
  delegate_to: localhost

# Note that the second time this task runs, it would fail because
# The password has been changed. Therefore, it is recommended that
# you either,
#
#   * Put this in its own playbook that you run when you need to
#   * Put this task in a `block`
#   * Include `ignore_errors` on this task
- name: Change the Admin password
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      username_credential: "admin"
      password_credential: "NewSecretPassword"
  delegate_to: localhost

Return Values ¶

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
full_name	Full name of the user	changed and success	string	John Doe
partition_access	List of strings containing the user's roles and which partitions they are applied to. They are specified in the form "partition:role".	changed and success	list	['all:admin']
shell	The shell assigned to the user account	changed and success	string	tmsh

Notes ¶

Note

Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
Requires BIG-IP versions >= 12.0.0

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.