New in version 2.0.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
account_type
string
|
|
Type of the account.
|
api_http_method
string
|
|
HTTP method used to query the API endpoint.
If not given, the
CLOUDSTACK_METHOD env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is
get if not specified. |
api_key
string
|
API key of the CloudStack API.
If not given, the
CLOUDSTACK_KEY env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
api_region
string
|
Default: "cloudstack"
|
Name of the ini section in the
cloustack.ini file.If not given, the
CLOUDSTACK_REGION env variable is considered. |
api_secret
string
|
Secret key of the CloudStack API.
If not set, the
CLOUDSTACK_SECRET env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
api_timeout
integer
|
HTTP timeout in seconds.
If not given, the
CLOUDSTACK_TIMEOUT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is 10 seconds if not specified.
|
|
api_url
string
|
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the
CLOUDSTACK_ENDPOINT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
domain
string
|
Default: "ROOT"
|
Domain the account is related to.
|
email
string
|
Email of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
|
|
first_name
string
|
First name of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
|
|
last_name
string
|
Last name of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
|
|
ldap_domain
string
added in 2.8 |
Name of the LDAP group or OU to bind.
If set, account will be linked to LDAP.
|
|
ldap_type
string
added in 2.8 |
|
Type of the ldap name. GROUP or OU, defaults to GROUP.
|
name
string
/ required
|
Name of account.
|
|
network_domain
string
|
Network domain of the account.
|
|
password
string
|
Password of the user to be created if account did not exist.
Required on state=present if ldap_domain is not set.
|
|
poll_async
boolean
|
|
Poll async jobs until job has finished.
|
role
string
added in 2.8 |
Creates the account under the specified role name or id.
|
|
state
string
|
|
State of the account.
unlocked is an alias for enabled . |
timezone
string
|
Timezone of the user to be created if account did not exist.
|
|
username
string
|
Username of the user to be created if account did not exist.
Required on state=present.
|
Note
cs
library’s configuration method if credentials are not provided by the arguments api_url
, api_key
, api_secret
. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT
, CLOUDSTACK_KEY
, CLOUDSTACK_SECRET
and CLOUDSTACK_METHOD
. CLOUDSTACK_TIMEOUT
environment variables. A CLOUDSTACK_CONFIG
environment variable pointing to an .ini
file. A cloudstack.ini
file in the current working directory. A .cloudstack.ini
file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini
. Use the argument api_region
to select the section name, default section is cloudstack
. See https://github.com/exoscale/cs for more information.- name: create an account in domain 'CUSTOMERS'
cs_account:
name: customer_xy
username: customer_xy
password: S3Cur3
last_name: Doe
first_name: John
email: john.doe@example.com
domain: CUSTOMERS
role: Domain Admin
delegate_to: localhost
- name: Lock an existing account in domain 'CUSTOMERS'
cs_account:
name: customer_xy
domain: CUSTOMERS
state: locked
delegate_to: localhost
- name: Disable an existing account in domain 'CUSTOMERS'
cs_account:
name: customer_xy
domain: CUSTOMERS
state: disabled
delegate_to: localhost
- name: Enable an existing account in domain 'CUSTOMERS'
cs_account:
name: customer_xy
domain: CUSTOMERS
state: enabled
delegate_to: localhost
- name: Remove an account in domain 'CUSTOMERS'
cs_account:
name: customer_xy
domain: CUSTOMERS
state: absent
delegate_to: localhost
- name: Create a single user LDAP account in domain 'CUSTOMERS'
cs_account:
name: customer_xy
username: customer_xy
domain: CUSTOMERS
ldap_domain: cn=customer_xy,cn=team_xy,ou=People,dc=domain,dc=local
delegate_to: localhost
- name: Create a LDAP account in domain 'CUSTOMERS' and bind it to a LDAP group
cs_account:
name: team_xy
username: customer_xy
domain: CUSTOMERS
ldap_domain: cn=team_xy,ou=People,dc=domain,dc=local
delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
account_type
string
|
success |
Type of the account.
Sample:
user
|
domain
string
|
success |
Domain the account is related.
Sample:
ROOT
|
id
string
|
success |
UUID of the account.
Sample:
87b1e0ce-4e01-11e4-bb66-0050569e64b8
|
name
string
|
success |
Name of the account.
Sample:
linus@example.com
|
network_domain
string
|
success |
Network domain of the account.
Sample:
example.local
|
role
string
|
success |
The role name of the account
Sample:
Domain Admin
|
state
string
|
success |
State of the account.
Sample:
enabled
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.