Adding the Admin role to a newly created VMware local user (host)

Good Day everyone,

First: I apologize if this thread is posted someplace else, I’ve looked but cannot find this particular issue…

I’m new to Ansible and configurations but I learn fairly quickly. I have been trying for hours to figure out which module to use and how to add the Administrator role to a newly created local user account on a VMware host machine.

I’ve been able to figure out 90% of what I need so far, I just cannot figure out this piece.

This is what I have now…

    - name: Add User Roles
      community.vmware.vmware_local_role_manager:
        hostname: "{{ esxi_host }}"
        username: "{{ esxi_user }}"
        password: "{{ esxi_password }}"
        validate_certs: false
        local_role_name: "Administrator"
        principal: "{{ item.new_username }}"
        state: present
      loop: "{{ users }}"
      delegate_to: localhost

Edit:
This is the error I’m getting:

    TASK [Add User Roles] *****************************************************************************
    failed: [10.10.10.176 -> localhost] (item={'new_username': 'Armory', 'password': 'P@ssw0rd1!', 'description': 'Armory Staff', 'role': 'Admin'}) => {"ansible_loop_var": "item", "changed": false, "item": {"description": "Armory Staff", "new_username": "Armory", "password": "P@ssw0rd1!", "role": "Admin"}, "msg": "Unsupported parameters for (community.vmware.vmware_local_role_manager) module: principal. Supported parameters include: action, force_remove, hostname, local_privilege_ids, local_role_name, password, port, proxy_host, proxy_port, state, username, validate_certs (admin, pass, pwd, user)."}
    failed: [10.10.10.176 -> localhost] (item={'new_username': 'Support', 'password': 'KJHC@!#!CAWlkjasc', 'description': 'Support Staff', 'role': 'Admin'}) => {"ansible_loop_var": "item", "changed": false, "item": {"description": "Support Staff", "new_username": "Support", "password": "KJHC@!#!CAWlkjasc", "role": "Admin"}, "msg": "Unsupported parameters for (community.vmware.vmware_local_role_manager) module: principal. Supported parameters include: action, force_remove, hostname, local_privilege_ids, local_role_name, password, port, proxy_host, proxy_port, state, username, validate_certs (admin, pass, pwd, user)."}

I’ve also tried with the community.vmware.vmware_object_role_permission module… I just can’t seem to figure it out and when I search online, it pulls up EVERYTHING except what I’m looking for…

I just need a little help.

Thanks,
Nate

The error message is pretty clear. You are trying to set the parameter 'principal', but the vmware_local_role_manager module does not have such a parameter. From the documentation it looks like you are looking for the 'local_privilege_ids' parameter instead. Or you are looking for the 'vmware_object_role_permission' module, which does have a principal parameter and looks to be more like what you are trying to do.

3 Likes

I appreciate the reply.

I didn’t realize that I had to assign a permission to a folder and was trying everything except folders… so now my playbook looks like this…

      vars:
        users:
          - new_username: adminstaff
            password: <password here>
            description: "Admin department Staff"
            role: "Admin"
          - new_username: support
            password: <password here>
            description: "Support Staff"
            role: "Admin"
          - new_username: deploy
            password: <password here>
            role: "ReadOnly"
            description: "deployment user account"

      tasks:
        - name: Create user accounts
          community.vmware.vmware_local_user_manager:
            hostname: "{{ esxi_host }}"
            username: "{{ esxi_user }}"
            password: "{{ esxi_password }}"
            validate_certs: false   # disables TLS certificate checking of the ESXi host
            local_user_name: "{{ item.new_username }}"
            local_user_password: "{{ item.password }}"
            local_user_description: "{{ item.description }}"
            state: present
          loop: "{{ users }}"      # each item (password included) is echoed in task output unless no_log is set
          delegate_to: localhost

        - name: Add User Roles
          community.vmware.vmware_object_role_permission:
            hostname: "{{ esxi_host }}"
            username: "{{ esxi_user }}"
            password: "{{ esxi_password }}"
            validate_certs: false
            object_name: rootFolder   # the inventory root, so the role applies host-wide
            role: "{{ item.role }}"   # ESXi role names: Admin, ReadOnly, ...
            principal: "{{ item.new_username }}"
            state: present
          loop: "{{ users }}"
          delegate_to: localhost

This method works and each user has been put in the Admin/ReadOnly group respectively.

Thanks, I appreciate your time.

1 Like
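The failed-task output quoted in the first post prints every loop item verbatim, passwords included, which is how loop output behaves by default. The playbook below is an added example, not code from the thread or from the community.vmware collection: it keeps the two working tasks from the last post, suppresses their item output with `no_log`, pulls passwords from Ansible Vault variables instead of plaintext, and reads the permissions back with `community.vmware.vmware_object_role_permission_info` to assert that each principal holds exactly the intended role. The variable names (`esxi_host`, `esxi_user`, `esxi_password`, `esxi_validate_certs`, `vault_*_password`) are assumptions, as is that the info module accepts `object_name: rootFolder` the way the permission module does and reports local principals by bare username in `permission_info[*].principal` / `role_name`.

```yaml
# Added example (not from the original thread or from the community.vmware project).
# Assumed to come from inventory and a vault-encrypted vars file:
#   esxi_host, esxi_user, esxi_password, vault_adminstaff_password, vault_deploy_password
- name: Provision local ESXi users and root-folder permissions
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumed variable; set to false only for a lab host with a self-signed certificate.
    esxi_validate_certs: true
    users:
      - new_username: adminstaff
        password: "{{ vault_adminstaff_password }}"
        description: "Admin department staff"
        role: Admin
      - new_username: deploy
        password: "{{ vault_deploy_password }}"
        description: "deployment user account"
        role: ReadOnly

  tasks:
    - name: Create local user accounts
      community.vmware.vmware_local_user_manager:
        hostname: "{{ esxi_host }}"
        username: "{{ esxi_user }}"
        password: "{{ esxi_password }}"
        validate_certs: "{{ esxi_validate_certs }}"
        local_user_name: "{{ item.new_username }}"
        local_user_password: "{{ item.password }}"
        local_user_description: "{{ item.description }}"
        state: present
      loop: "{{ users }}"
      no_log: true   # the loop item carries a password; keep it out of stdout and logs

    - name: Grant each user its role on the inventory root
      community.vmware.vmware_object_role_permission:
        hostname: "{{ esxi_host }}"
        username: "{{ esxi_user }}"
        password: "{{ esxi_password }}"
        validate_certs: "{{ esxi_validate_certs }}"
        object_name: rootFolder
        role: "{{ item.role }}"
        principal: "{{ item.new_username }}"
        state: present
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.new_username }} -> {{ item.role }}"   # show the mapping, not the whole item

    - name: Read back the permissions set on the inventory root
      community.vmware.vmware_object_role_permission_info:
        hostname: "{{ esxi_host }}"
        username: "{{ esxi_user }}"
        password: "{{ esxi_password }}"
        validate_certs: "{{ esxi_validate_certs }}"
        object_name: rootFolder   # assumed to resolve like the permission module's rootFolder
      register: root_perms

    - name: Fail if a user is missing or holds a role other than the intended one
      ansible.builtin.assert:
        that:
          - >-
            root_perms.permission_info
            | selectattr('principal', 'equalto', item.new_username)
            | map(attribute='role_name') | list == [item.role]
        fail_msg: "{{ item.new_username }} does not hold exactly the {{ item.role }} role on rootFolder"
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.new_username }}"
```

Run it with `ansible-playbook --ask-vault-pass provision-esxi-users.yml`. The final assert turns a silent drift (a stale Admin grant left on a user that should be ReadOnly, or a failed grant that the earlier task reported as unchanged) into a failed run, which is what you want for an idempotent provisioning job.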