topic Re: Ansible automation module host deletion in Ansible

Ansible automation module host deletion

rkcp — Fri, 06 Mar 2020 01:06:52 GMT

Hi All

I am trying to do automation using Ansible(cp_mgmt_host) and am running into an issue with a call to delete a host. I am getting an error that the object I am trying to delete is part of some other groups. I have set the ignore_errors and ignore_warnings paramets to true in the cp_mgmt_host function so that the script can run if this condition is met. I am unable to move past because of this. Does the host need to be removed from the group first and if yes, I do not see that as an option in the cp_mgmt_group call? I am getting the below. I am trying to delete the object TESTHOST

"msg": {
"code": "err_validation_failed",
"message": "Validation failed with 1 warning",
"warnings": [
{
"message": "Object TESTHOST is used by the following objects: xxxxxxxx, yyyyyyyy"

Any help would be appreciated.

Thanks

Re: Ansible automation module host deletion

PhoneBoy — Sat, 07 Mar 2020 00:43:31 GMT

The way Ansible works is the entire configuration you wish to work with must be defined in your Ansible playbook.
The way you delete something from the configuration is to modify the playbook and re-execute it.
As such, there is no explicit "delete" command in Ansible.

Which means to delete the object from the group in Ansible, you'd have to define the group as it exists in Ansible, run the playbook, remove the host from the group in the playbook.

Of course, this assumes that's the only dependency with that particular object.
There may be others, and to resolve them in Ansible, you'd have to go through a similar process.

Re: Ansible automation module host deletion

rkcp — Sat, 07 Mar 2020 02:39:25 GMT

Thanks Phoneboy. Let me explain further. I am using the cp_mgmt_host task of the Checkpoint ansible module to delete the host. One of the parameters it takes is "State" and the possible values are "Present" or "Absent". Present for addition and Absent for deletion. In addition, there are 2 other parameters "ignore_errors" and "ignore_warnings" which can be true or false.

I am doing the below in my playbook

- name: delete-host
cp_mgmt_host:
name: TESTHOST
ignore_errors: true
ignore_warnings: true
state: absent

Per the documentation, this is what is needed to delete the host and ignore any warnings or errors but I am unable to delete as the host is a member of a group object. My understanding from the documentation is that having ignore_errors set to true and state to "Absent" the host should be deleted.

What am I missing?

Re: Ansible automation module host deletion

PhoneBoy — Sat, 07 Mar 2020 07:11:05 GMT

Ignore Errors or Ignore Warnings will not overcome the requirement to remove all references to the object in groups or other objects before you can remove it.
ThIs applies whether you're using Ansible or not.

My guess is you are working with an object that was not defined by your Ansible playbook to begin with.
Ansible can only remove objects where Ansible was used to create the object along with all the objects that might depend on it (e.g. groups).
That means either defining all those dependencies in your playbook or removing the dependencies outside Ansible.

Re: Ansible automation module host deletion

rkcp — Sat, 14 Mar 2020 16:51:58 GMT

The host I am trying to delete was added by the ansible playbook to add host using the cp_mgmt_host library. This was set by setting the value of the variable "State" to "Present". I am now trying to delete the same host as a test to see how to do this via Ansible. So I am using the same cp_mgmt_host library and setting the "State" parameter to "absent" to delete it. The host I have added is part of 2 groups and I am trying to delete it and the message I am getting is that these objects belong to 2 groups. Below is the message I am getting

atal: [x.x.x.x]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"auto_publish_session": true,
"color": null,
"comments": null,
"details_level": null,
"groups": null,
"host_servers": null,
"ignore_errors": null,
"ignore_warnings": null,
"interfaces": null,
"ip_address": null,
"ipv4_address": null,
"ipv6_address": null,
"name": "TEST123",
"nat_settings": null,
"state": "absent",
"tags": null,
"version": null,
"wait_for_task": true
}
},
"msg": {
"code": "err_validation_failed",
"message": "Validation failed with 1 warning",
"warnings": [
{
"message": "Object TEST123 is used by the following objects: Domain-xxxxx-Group, OS-xxxxxxx-Server-Group"
}
]
}
}

Do I need to first find out what groups the host belongs to and take it out from the groups and then delete it? If I have to take it out of groups do I use the cp_mgmtgroup library and does have any example if they have used it as I am concerned that I do not want to delete the group by mistake.

Thanks

Re: Ansible automation module host deletion

PhoneBoy — Sat, 14 Mar 2020 23:03:22 GMT

You can either remove the object from the groups outside of Ansible OR define the groups in Ansible as they exist currently on your management station with the exception of the object you wish to remove.
Either approach will work.
You will not be able to delete the object in Ansible—or via any other mechanism—until you do that.