Open Wobak opened 3 years ago
Files identified in the description: None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.
Thank you @Wobak for requesting a new module.
Unfortunately, a domain user can't be managed via the vSphere API.
As an alternative, you can manage it using the VCSA command.

FYI
I tried the domain user addition and deletion with the VCSA command and Ansible.
I will explain how to do it below.
Please change the default shell from appliancesh to bash.
This is needed so that Ansible can execute the command after connecting to the VCSA over SSH.
https://kb.vmware.com/s/article/2100508
Please change the following inventory file based on your environment.
```yaml
all:
  hosts:
    vCenter Host: # <- change
      ansible_user: root
      ansible_password: SSH login password for VCSA # <- change
  vars:
    vcenter_username: administrator@vsphere.local
    vcenter_password: VCSA Password # <- change
```
The playbook separates the tasks by purpose with tags, so I can choose whether to add or delete.
```yaml
---
- name: Example playbook
  hosts: all
  gather_facts: false
  vars:
    # these are the domain user params
    user_name: user01
    user_password: P@ssW0rd!
    user_first_name: user01
    user_last_name: user01
  tasks:
    # Runs on every invocation (tag "always") so the add/delete tasks below
    # can decide whether there is anything to do.
    - name: Gather a domain user info of the vsphere.local domain
      community.vmware.vcenter_domain_user_group_info:
        hostname: "{{ inventory_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: false
        domain: vsphere.local
        search_string: "vsphere.local\\{{ user_name }}"
        exact_match: true
      register: gather_domain_user_info_result
      delegate_to: localhost
      tags:
        - always

    # dir-cli runs on the VCSA itself over the SSH connection; note that the
    # passwords are passed as command-line arguments.
    - name: Add the domain user of the vsphere.local domain if it doesn't exist
      command: >-
        /usr/lib/vmware-vmafd/bin/dir-cli user create
        --account "{{ user_name }}"
        --user-password "{{ user_password }}"
        --login "{{ vcenter_username }}"
        --password "{{ vcenter_password }}"
        --first-name "{{ user_first_name }}"
        --last-name "{{ user_last_name }}"
      changed_when: true
      when:
        - gather_domain_user_info_result.domain_user_groups | length == 0
      tags:
        - add_user
        - never

    - name: Delete the domain user of the vsphere.local domain if it exists
      command: >-
        /usr/lib/vmware-vmafd/bin/dir-cli user delete
        --account "{{ user_name }}"
        --login "{{ vcenter_username }}"
        --password "{{ vcenter_password }}"
      changed_when: true
      when:
        - gather_domain_user_info_result.domain_user_groups | length == 1
      tags:
        - delete_user
        - never
```
Add a domain user.

```shell
$ ansible-playbook main.yml -i inventory.yml --tag add_user
```

Delete a domain user.

```shell
$ ansible-playbook main.yml -i inventory.yml --tag delete_user
```
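As an added example (not code from the thread or from community.vmware), here is the same check-then-act logic the playbook above gets from the info module, folded into a POSIX shell wrapper that can run on the VCSA directly, covering both the add and the delete case with one existence check. The `DIR_CLI` variable and the function names are mine; the behaviour that `dir-cli user find-by-name` exits non-zero when the account does not exist is an assumption, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the issue thread: an idempotent wrapper around
# dir-cli for SSO domain users, meant to run on the VCSA after the default
# shell has been switched to bash. DIR_CLI can be overridden to point at a
# different binary (used for offline testing).
DIR_CLI="${DIR_CLI:-/usr/lib/vmware-vmafd/bin/dir-cli}"

# Returns 0 if the account exists in the SSO domain, non-zero otherwise.
# Assumption: find-by-name exits non-zero for an unknown account.
domain_user_exists() {
    account="$1"; login="$2"; password="$3"
    "$DIR_CLI" user find-by-name --account "$account" \
        --login "$login" --password "$password" >/dev/null 2>&1
}

# Create the account only when it is absent; prints "created" or "unchanged".
ensure_domain_user() {
    account="$1"; user_password="$2"; login="$3"; password="$4"
    first="${5:-$account}"; last="${6:-$account}"
    if domain_user_exists "$account" "$login" "$password"; then
        echo unchanged
        return 0
    fi
    "$DIR_CLI" user create --account "$account" \
        --user-password "$user_password" \
        --first-name "$first" --last-name "$last" \
        --login "$login" --password "$password" >/dev/null || return 1
    echo created
}

# Delete the account only when it is present; prints "deleted" or "unchanged".
remove_domain_user() {
    account="$1"; login="$2"; password="$3"
    if ! domain_user_exists "$account" "$login" "$password"; then
        echo unchanged
        return 0
    fi
    "$DIR_CLI" user delete --account "$account" \
        --login "$login" --password "$password" >/dev/null || return 1
    echo deleted
}

# Usage on the appliance (values are placeholders):
#   ensure_domain_user user01 'P@ssW0rd!' administrator@vsphere.local "$VCSA_PASSWORD"
#   remove_domain_user user01 administrator@vsphere.local "$VCSA_PASSWORD"
```

Because each function checks before acting, running it twice reports "unchanged" the second time, which is the same property the playbook gets from its `when:` conditions on the info module result.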
Thank you very much, this is really helpful :)
SUMMARY
Have a module in community.vmware to interact with users on a vCenter (not local to ESXi)
ISSUE TYPE
Start a module that will interact with a vCenter instead of an ESXi server
COMPONENT NAME
community.vmware.vcenter_domain_user_manager
ADDITIONAL INFORMATION
Whenever an ESXi is added to a vCenter, the users / groups are delegated to an SSO server in the PSC. So the local_role_manager no longer has an effect if you want to add roles to the new domain.
ANSIBLE VERSION