F5 bigip_user module

I’ve been having an issue with the F5 bigip_user module and the read_csv module together.

I want to feed a list of users to the playbook that calls the bigip_user module and iterate through it to update our BIG-IPs. Everything works great except when shell=bash from the CSV. If I statically set the value to bash, the playbook runs successfully. If I set the shell to none or tmsh in the CSV the playbook finishes successfully. If I change shell=bash in the CSV, that entry fails. I’ve attached a screenshot of the playbook. I’m running this from CentOS 8. I’d appreciate any suggestions on what I might be missing. Thanks!

ansible [core 2.16.3]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /root/.local/lib/python3.11/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /bin/ansible
python version = 3.11.5 (main, Jan 12 2024, 23:13:15) [GCC 8.5.0 20210514 (Red Hat 8.5.0-21)] (/usr/bin/python3.11)
jinja version = 3.1.3
libyaml = True

CSV File:

Does not work:

username,role,shell,state
peter,application-editor,tmsh,present
quagmire,admin,tmsh,present
joe,admin,tmsh,present
lois,admin,bash,present

Does work:

username,role,shell,state
peter,application-editor,tmsh,present
quagmire,admin,tmsh,present
joe,admin,tmsh,present
lois,admin,tmsh,present

Error message:

failed: [ntglab-bigip-2.net.brown.edu -> localhost] (item={'username': 'lois', 'role': 'admin', 'shell': 'bash', 'state': 'present'}) => {"ansible_loop_var": "user", "changed": false, "msg": "Shell access is only available to 'admin' or 'resource-admin' roles.", "user": {"role": "admin", "shell": "bash", "state": "present", "username": "lois"}}


Playbook:

- name: Update F5 Users
  hosts: all
  connection: local
  #gather_facts: false

  vars_prompt:

   - name: f5adminuser
     prompt: What is your F5 Username?
     private: false

   - name: f5password
     prompt: What is your F5 Password?

  vars:
    provider:
      no_f5_teem: false
      password: "{{ f5password }}"
      server: "{{ inventory_hostname }}"
      user: "{{ f5adminuser }}"
      validate_certs: no
      server_port: 443

  tasks:
    - name: "Read user file"
      read_csv:
        path: f5userlist.csv
        delimiter: ","
        dialect: excel
      register: f5user
      delegate_to: localhost
    - name: Update F5 User
      #debugger: on_failed
      f5networks.f5_modules.bigip_user:
         name: "{{ user.username }}"
         partition_access:
           - all:"{{ user.role }}"
         shell: "{{ user.shell }}"
         state: "{{ user.state }}"
         provider: "{{ provider }}"
      delegate_to: localhost
      loop: "{{ f5user.list }}"
      loop_control:
        loop_var: user

    - name: Save the running configuration of the BIG-IP
      f5networks.f5_modules.bigip_config:
         save: true
         provider: "{{ provider }}"

Hello @tundra21, I was able to replicate the error. What I’ve found out is that you have a very small issue in your code when parsing the partition_access parameter. Try it this way:

    - name: Update F5 User
      f5networks.f5_modules.bigip_user:
        name: "{{ user.username }}"
        partition_access:
          - "all:{{ user.role }}"
        shell: "{{ user.shell }}"
        state: "{{ user.state }}"
        provider: "{{ provider }}"
      loop: "{{ f5user.list }}"
      loop_control:
        loop_var: user
      delegate_to: localhost

(Notice that I’ve wrapped the whole expression with the quotation marks).

Cheers!

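Why the placement of the quotes matters, as an added example (not part of the original posts and not the module's own code): in YAML, `all:"{{ user.role }}"` is a plain scalar, so the double quotes stay in the value and the rendered role is `"admin"` instead of `admin`. The names `render`, `check_entry` and `preflight` are hypothetical, and splitting the entry on `:` with an exact role match is an assumed model of the check behind the error message.

```python
import csv
import io

# Constructed sample input: the failing CSV from the post above.
CSV_TEXT = """username,role,shell,state
peter,application-editor,tmsh,present
quagmire,admin,tmsh,present
joe,admin,tmsh,present
lois,admin,bash,present
"""

# Roles allowed shell access, taken from the error message in the post.
SHELL_ROLES = {"admin", "resource-admin"}


def render(template, user):
    """Hypothetical stand-in for Jinja2: fills in {{ user.role }} only."""
    return template.replace("{{ user.role }}", user["role"])


def check_entry(entry, shell):
    """Return the problems found in one rendered partition_access entry."""
    partition, sep, role = entry.partition(":")
    if not (partition and sep and role):
        return [f"{entry!r} is not in partition:role form"]
    problems = []
    if role != role.strip("\"' "):
        problems.append(f"role {role!r} contains literal quotes or spaces")
    # Assumed model of the check behind the error message: exact string match.
    if shell == "bash" and role not in SHELL_ROLES:
        problems.append(f"shell=bash rejected for role {role!r}")
    return problems


def preflight(template, csv_text=CSV_TEXT):
    """Map username -> problems for every CSV row with a finding."""
    report = {}
    for user in csv.DictReader(io.StringIO(csv_text)):
        problems = check_entry(render(template, user), user["shell"])
        if problems:
            report[user["username"]] = problems
    return report


if __name__ == "__main__":
    # Value YAML yields for `- all:"{{ user.role }}"` (plain scalar, quotes kept)
    print(preflight('all:"{{ user.role }}"'))
    # Value YAML yields for `- "all:{{ user.role }}"` (quoted scalar)
    print(preflight("all:{{ user.role }}"))
```

Running the same check over the rendered `partition_access` values before the `bigip_user` loop surfaces the stray quotes on every row, not only the `bash` one.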

Thank you! That was it! I made that change and now it runs successfully. Much appreciated!


Nice!! :smiley: Actually it took me a while to see where the problem was hehe

One last thing: may I ask you to tick the solved check :white_check_mark: on my post with the solution, for housekeeping's sake? This way, this thread will appear as solved on the Get Help category. Thanks!
