Yesterday, while working with Ansible to fully deploy and configure an NSX-v Manager, we worked out a method to add a user or group of users and assign the appropriate role. The current NSX Ansible module does not support this functionality, so the role we are executing relies on the URI module.
64 - name: Set NSX Permissions 65 uri: 66 url: "https://{{ nsxmanager_spec.host }}/api/2.0/services/usermgmt/role/[email protected]?isGroup=true" 67 method: POST 68 url_username: "{{ nsxmanager_spec.user }}" 69 url_password: "{{ nsxmanager_spec.password }}" 70 headers: 71 Content-Type: "application/xml" 72 Accept: "application/xml" 73 body: "<accessControlEntry><role>enterprise_admin</role></accessControlEntry>" 74 body_format: raw 75 force_basic_auth: yes 76 validate_certs: no 77 use_proxy: no 78 return_content: yes 79 status_code: 204 80 tags: nsx_permissions 81 delegate_to: localhost
The API call does not return a typical 200 status if the call was successful, so the task above specifies that Ansible should be looking for a 204 status.
I am currently working on adding this functionality to the NSX Ansible module published on GitHub. Time (and testing) allowing, the code will be available in the coming days.
Enjoy!