Some builtin roles fail when added to user profiles in nxos_user
thomasbridge74 opened this issue · 0 comments
thomasbridge74 commented
SUMMARY
A number of NXOS builtin roles are not supported by the nxos_user module.
ISSUE TYPE
- Bug Report
COMPONENT NAME
nxos_user
ANSIBLE VERSION
$ ansible --version
ansible [core 2.14.6]
  config file = /home/thomas.bridge/compliance_checks/ansible.cfg
  configured module search path = ['/home/thomas.bridge/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/thomas.bridge/compliance_checks/.venv/lib/python3.9/site-packages/ansible
  ansible collection location = /home/thomas.bridge/compliance_checks/collections
  executable location = /home/thomas.bridge/compliance_checks/.venv/bin/ansible
  python version = 3.9.16 (main, Dec 7 2022, 01:11:51) [GCC 9.4.0] (/home/thomas.bridge/compliance_checks/.venv/bin/python)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
$ ansible-galaxy collection list cisco.nxos
# /home/thomas.bridge/PROJECT/collections/ansible_collections
Collection Version
---------- -------
cisco.nxos 0.0.0
# /home/thomas.bridge/PROJECT/.venv/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
cisco.nxos 4.3.0
CONFIGURATION
(compliance-py3.9) thomas.bridge@vdi-ld6-lnx-161:~/PROJECT_FOLDER$ ansible-config dump --only-changed
COLLECTIONS_PATHS(/home/thomas.bridge/PROJECT_FOLDER/ansible.cfg) = ['/home/thomas.bridge/PROJECT_FOLDER/collections']
CONFIG_FILE() = /home/thomas.bridge/PROJECT_FOLDER/ansible.cfg
DEFAULT_FORKS(/home/thomas.bridge/PROJECT_FOLDER/ansible.cfg) = 5
HOST_KEY_CHECKING(/home/thomas.bridge/PROJECT_FOLDER/ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/home/thomas.bridge/PROJECT_FOLDER/ansible.cfg) = 450
RETRY_FILES_ENABLED(/home/thomas.bridge/PROJECT_FOLDER/ansible.cfg) = True
OS / ENVIRONMENT
Host OS: Ubuntu 22.04
Two target NXOS versions: 9.3(10) and 7.0(3)I7(6)
STEPS TO REPRODUCE
---
- name: "Local User management"
  hosts: all
  gather_facts: false
  tasks:
    - name: "Creating accounts on Nexus"
      cisco.nxos.nxos_user:
        aggregate:
          - name: devopsuser
            role:
              - dev-ops
      register: user_report
EXPECTED RESULTS
The user to have the dev-ops role assigned and ansible to execute correctly
ACTUAL RESULTS
TASK [Creating accounts on Nexus] *************************************************************************************************************************************************************
task path: /home/thomas.bridge/PROJECT_FOLDER/pb.yml:7
redirecting (type: action) cisco.nxos.nxos_user to cisco.nxos.nxos
redirecting (type: become) ansible.builtin.enable to ansible.netcommon.enable
redirecting (type: become) ansible.builtin.enable to ansible.netcommon.enable
redirecting (type: action) cisco.nxos.nxos_user to cisco.nxos.nxos
redirecting (type: action) cisco.nxos.nxos_user to cisco.nxos.nxos
redirecting (type: action) cisco.nxos.nxos_user to cisco.nxos.nxos
redirecting (type: action) cisco.nxos.nxos_user to cisco.nxos.nxos
[WARNING]: Module did not set no_log for update_password
fatal: [UK1-lab-device-2]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "aggregate": [
                {
                    "configured_password": null,
                    "name": "devopsuser",
                    "role": [
                        "dev-ops"
                    ],
                    "roles": [
                        "dev-ops"
                    ],
                    "sshkey": null,
                    "state": "present",
                    "update_password": null
                }
            ],
            "configured_password": null,
            "name": null,
            "purge": false,
            "roles": null,
            "sshkey": null,
            "state": "present",
            "update_password": "always"
        }
    },
    "msg": "invalid role specified"
}
fatal: [UK1-lab-device-3]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "aggregate": [
                {
                    "configured_password": null,
                    "name": "devopsuser",
                    "role": [
                        "dev-ops"
                    ],
                    "roles": [
                        "dev-ops"
                    ],
                    "sshkey": null,
                    "state": "present",
                    "update_password": null
                }
            ],
            "configured_password": null,
            "name": null,
            "purge": false,
            "roles": null,
            "sshkey": null,
            "state": "present",
            "update_password": "always"
        }
    },
    "msg": "invalid role specified"
}
to retry, use: --limit @/home/thomas.bridge/PROJECT_FOLDER/pb.retry
PLAY RECAP ************************************************************************************************************************************************************************************
UK1-lab-device-2 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
UK1-lab-device-3 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Comment
I believe the issue is the BUILTIN_ROLES list variable at https://github.com/ansible-collections/cisco.nxos/blob/main/plugins/modules/nxos_user.py#L207
I will create a pull request to update this variable with all the system roles I see in our lab environment.