New in version 2.5.
Parameter | Choices/Defaults | Comments |
---|---|---|
aaa_user required | The name of the user to add a certificate to. | |
aaa_user_type |
| Whether this is a normal user or an appuser. |
certificate | The PEM format public key extracted from the X.509 certificate. aliases: cert_data, certificate_data | |
certificate_name | The name of the user certificate entry in ACI. aliases: cert_name | |
host required | IP Address or hostname of APIC resolvable by Ansible control host. aliases: hostname | |
output_level |
| Influence the output of this ACI module. normal means the standard output, incl. current dictinfo adds informational output, incl. previous , proposed and sent dictsdebug adds debugging output, incl. filter_string , method , response , status and url information |
password required | The password to use for authentication. This option is mutual exclusive with private_key . If private_key is provided too, it will be used instead. | |
port | Port number to be used for REST connection. The default value depends on parameter `use_ssl`. | |
private_key required | PEM formatted file that contains your private key to be used for signature-based authentication. The name of the key (without extension) is used as the certificate name in ACI, unless certificate_name is specified.This option is mutual exclusive with password . If password is provided too, it will be ignored.aliases: cert_key | |
state |
| Use present or absent for adding or removing.Use query for listing an object or multiple objects. |
timeout int | Default: 30 | The socket level timeout in seconds. |
use_proxy bool |
| If no , it will not use a proxy, even if one is defined in an environment variable on the target hosts. |
use_ssl bool |
| If no , an HTTP connection will be used instead of the default HTTPS connection. |
username | Default: admin | The username to use for authentication. aliases: user |
validate_certs bool |
| If no , SSL certificates will not be validated.This should only set to no when used on personally controlled sites using self-signed certificates. |
Note
aaa_user
must exist before using this module in your playbook. The aci_aaa_user module can be used for this.- name: Add a certificate to user aci_aaa_user_certificate: host: apic username: admin password: SomeSecretPassword aaa_user: admin certificate_name: admin certificate_data: '{{ lookup("file", "pki/admin.crt") }}' state: present delegate_to: localhost - name: Remove a certificate of a user aci_aaa_user_certificate: host: apic username: admin password: SomeSecretPassword aaa_user: admin certificate_name: admin state: absent delegate_to: localhost - name: Query a certificate of a user aci_aaa_user_certificate: host: apic username: admin password: SomeSecretPassword aaa_user: admin certificate_name: admin state: query delegate_to: localhost register: query_result - name: Query all certificates of a user aci_aaa_user_certificate: host: apic username: admin password: SomeSecretPassword aaa_user: admin state: query delegate_to: localhost register: query_result
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
current list | success | The existing configuration from the APIC after the module has finished Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production environment', 'nameAlias': '', 'ownerTag': ''}}}] |
error dict | failure | The error information as returned from the APIC Sample: {'text': 'unknown managed object class foo', 'code': '122'} |
filter_string string | failure or debug | The filter string used for the request Sample: ?rsp-prop-include=config-only |
method string | failure or debug | The HTTP method used for the request to the APIC Sample: POST |
previous list | info | The original configuration from the APIC before the module has started Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production', 'nameAlias': '', 'ownerTag': ''}}}] |
proposed dict | info | The assembled configuration from the user-provided parameters Sample: {'fvTenant': {'attributes': {'name': 'production', 'descr': 'Production environment'}}} |
raw string | parse error | The raw output returned by the APIC REST API (xml or json) Sample: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata> |
response string | failure or debug | The HTTP response from the APIC Sample: OK (30 bytes) |
sent list | info | The actual/minimal configuration pushed to the APIC Sample: {'fvTenant': {'attributes': {'descr': 'Production environment'}}} |
status int | failure or debug | The HTTP status from the APIC Sample: 200 |
url string | failure or debug | The HTTP url used for the request to the APIC Sample: https://10.11.12.13/api/mo/uni/tn-production.json |
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/aci_aaa_user_certificate_module.html