I’ve been having an issue with the F5 bigip_user module and the read_csv module together.
I want to feed a list of users to the playbook that calls the bigip_user module and iterate through it to update our BIG-IPs. Everything works great except when shell=bash from the CSV. If I statically set the value to bash, the playbook runs successfully. If I set the shell to none or tmsh in the CSV, the playbook finishes successfully. If I change shell=bash in the CSV, that entry fails. I’ve attached a screenshot of the playbook. I’m running this from CentOS 8. I’d appreciate any suggestions on what I might be missing. Thanks!
ansible [core 2.16.3]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /bin/ansible
  python version = 3.11.5 (main, Jan 12 2024, 23:13:15) [GCC 8.5.0 20210514 (Red Hat 8.5.0-21)] (/usr/bin/python3.11)
  jinja version = 3.1.3
  libyaml = True
CSV File:
Does not work:
username,role,shell,state
peter,application-editor,tmsh,present
quagmire,admin,tmsh,present
joe,admin,tmsh,present
lois,admin,bash,present
Does work:
username,role,shell,state
peter,application-editor,tmsh,present
quagmire,admin,tmsh,present
joe,admin,tmsh,present
lois,admin,tmsh,present
Error message:
failed: [ntglab-bigip-2.net.brown.edu -> localhost] (item={'username': 'lois', 'role': 'admin', 'shell': 'bash', 'state': 'present'}) => {"ansible_loop_var": "user", "changed": false, "msg": "Shell access is only available to 'admin' or 'resource-admin' roles.", "user": {"role": "admin", "shell": "bash", "state": "present", "username": "lois"}}
Playbook:
- name: Update F5 Users
  hosts: all
  connection: local
  #gather_facts: false
  vars_prompt:
    - name: f5adminuser
      prompt: What is your F5 Username?
      private: false
    - name: f5password
      prompt: What is your F5 Password?
  vars:
    provider:
      no_f5_teem: false
      password: "{{ f5password }}"
      server: "{{ inventory_hostname }}"
      user: "{{ f5adminuser }}"
      validate_certs: no
      server_port: 443
  tasks:
    - name: "Read user file"
      read_csv:
        path: f5userlist.csv
        delimiter: ","
        dialect: excel
      register: f5user
      delegate_to: localhost
    - name: Update F5 User
      #debugger: on_failed
      f5networks.f5_modules.bigip_user:
        name: "{{ user.username }}"
        partition_access:
          - all:"{{ user.role }}"
        shell: "{{ user.shell }}"
        state: "{{ user.state }}"
        provider: "{{ provider }}"
      delegate_to: localhost
      loop: "{{ f5user.list }}"
      loop_control:
        loop_var: user
    - name: Save the running configuration of the BIG-IP
      f5networks.f5_modules.bigip_config:
        save: true
        provider: "{{ provider }}"