search

HewlettPackard / oneview-ansible-collection

Ansible Collection and Sample Playbooks for HPE OneView
Apache License 2.0
25 stars 22 forks source link

Set permissions for iLO accounts on Synergy blades #224

Closed vinicole closed 1 year ago

vinicole commented 1 year ago

Hello,

I am trying to set up permissions for iLO accounts (local accounts or directory group accounts) in a service profile template. I defined this in an Ansible task as follows:

- name: Create the server profile template
  hpe.oneview.oneview_server_profile_template:
    config: "{{ config }}"
    state: present
    data:
      name: "{{ server_profile.template.name }}"
      description: "{{ server_profile.template.description }}"      
      serverProfileDescription: "{{ server_profile.description }}" 
      serverHardwareTypeName: "{{ hardware_type_name }}"
      enclosureGroupName: "{{ enclosure_group_name }}"
      affinity: "Bay"
      managementProcessor:
        manageMp: true
        complianceControl: "Checked"
        mpSettings:
              - settingType: "LocalAccounts"
            args:
              localAccounts:
                - userName: "user"
                  displayName: "local account"
                  password:  "Password"
                  userConfigPriv: true
                  remoteConsolePriv: true
                  virtualMediaPriv: true
                  virtualPowerAndResetPriv: true
                  iLOConfigPriv: true
                  loginPriv: true
                  hostBIOSPriv: true
                  hostNICPriv: true
                  hostStoragePriv: true
  delegate_to: localhost

I retrieved some of the keywords in the OneView REST API and I guessed the remaining ones but it doesn't work. Creating the account without any permission parameters works fine. I tested this with Oneview 6.0 and Ansible 2.9.27 on a Synergy blade SY480 Gen10 Any idea how this can be solved? Many thanks, V

alisha-k-kalladassery commented 1 year ago

Hi Vinicole,

Please find the below ansible task with all available permissions.

- name: Create a server profile template
  oneview_server_profile_template:
    config: "{{ config }}"
    state: present
    sessionID: "{{ session.ansible_facts.session }}"
    data:
      name: "{{ item.name }}"
      serverHardwareTypeName: "DL380 Gen10 1"
      bios:
        manageBios: true
        overriddenSettings: []
      managementProcessor:
        manageMp: true
        mpSettings:
          - settingType: "LocalAccounts"
            args:
              localAccounts:
                - userName: "user1"
                  displayName: "One"
                  password: "asdfghjkl"
                  userConfigPriv: true
                  remoteConsolePriv: true
                  virtualMediaPriv: true
                  virtualPowerAndResetPriv: true
                  iLOConfigPriv: true
                  loginPriv: true
                  hostBIOSConfigPriv: true
                  hostNICConfigPriv: true
                  hostStorageConfigPriv: true
    params:
      force: "True" # Supported only for API version >= 600
  delegate_to: localhost
  with_items:
    - { name: 'spt' }
    - { name: 'spt-1' }
vinicole commented 1 year ago

Hi Alisha,

I just tested this: it works great!

Many thanks for your support :-) Vinicole