
User and Role Management via Ansible and Prism Central

Introduction

Role-based access control (RBAC) in Nutanix is critical to secure infrastructure operations. Prism Central allows you to define users, roles, and permissions across the enterprise. This post shows you how to automate RBAC with Ansible, ensuring secure, consistent access for admins, operators, and service accounts.


My Personal Repository on GitHub

Nutanix Repository on GitHub


Diagram: RBAC Playbook Flow


Use Case


YAML User Spec: users.yml

nutanix_users:
  - username: "backupadmin"
    email: "backup@example.com"
    full_name: "Backup Admin"
    password: "S3cur3!"
    roles:
      - name: "Viewer"

  - username: "devops"
    email: "devops@example.com"
    full_name: "DevOps Lead"
    password: "D3v0ps!"
    roles:
      - name: "Cluster Admin"

Playbook: manage_users.yml

- name: Manage Nutanix Prism Central users
  hosts: localhost
  gather_facts: false
  collections:
    - nutanix.ncp
  vars_files:
    - nutanix_credentials.yml
    - users.yml
  tasks:

    # Confirm the module name and its options against the installed
    # collection before running: ansible-doc -l nutanix.ncp
    - name: Create or update user roles
      loop: "{{ nutanix_users }}"
      loop_control:
        loop_var: user
      no_log: true  # each loop item carries a password; keep it out of task output
      nutanix.ncp.users:
        state: present
        username: "{{ user.username }}"
        password: "{{ user.password }}"
        email: "{{ user.email }}"
        full_name: "{{ user.full_name }}"
        roles: "{{ user.roles }}"

Secure Passwords

Use ansible-vault to store passwords safely:

ansible-vault encrypt users.yml
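
A pre-commit style check for this step, added here as an example and not taken from the original post: it reports any password in a vars file that is neither covered by whole-file ansible-vault encryption nor stored as an inline !vault value. The function name, the sample specs and the placeholder ciphertext are assumptions constructed for illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault payload starts with this
PASSWORD_KEY = re.compile(r"^\s*(?:-\s*)?password\s*:\s*(.*)$")
USERNAME_KEY = re.compile(r"^\s*(?:-\s*)?username\s*:\s*[\"']?([^\"'#\s]+)")


def plaintext_passwords(text):
    """Return (line_no, username) for each password stored in clear text.

    A file encrypted as a whole (ansible-vault encrypt) yields no findings.
    Otherwise each password value must be an inline !vault block or a
    Jinja2 reference to a variable defined elsewhere.
    """
    lines = text.splitlines()
    first = next((l.strip() for l in lines if l.strip()), "")
    if first.startswith(VAULT_HEADER):
        return []
    findings, user = [], None
    for no, line in enumerate(lines, start=1):
        m = USERNAME_KEY.match(line)
        if m:
            user = m.group(1)  # assumes username precedes password, as in users.yml
        m = PASSWORD_KEY.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        if value.startswith("!vault") or value.strip("\"'").startswith("{{"):
            continue
        findings.append((no, user))  # report the location, never the secret
    return findings


# Constructed samples: a spec mixing a clear-text and an inline-vaulted
# password, and a file encrypted as a whole (ciphertext is a placeholder).
PLAIN = """nutanix_users:
  - username: "backupadmin"
    password: "S3cur3!"
  - username: "devops"
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      3031323334353637
"""
ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n3031323334353637\n"

if __name__ == "__main__":
    for no, user in plaintext_passwords(PLAIN):
        print(f"users.yml:{no}: plaintext password for {user}")
```

Run it against users.yml before committing; an empty result means every password is either vaulted or a variable reference.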

Run the Playbook

ansible-playbook manage_users.yml --ask-vault-pass -i inventory.yml

Optional Enhancements


Summary

Ansible allows you to scale RBAC policies across Nutanix clusters with minimal manual effort. From user onboarding to service account management, the automation ensures you never miss an assignment or misconfigure access.

External Documentation:
