topic Re: Ansible - getting info from multiple domains from provider in Ansible

Ansible - getting info from multiple domains from provider

Cegeka_Networki — Thu, 16 Apr 2020 10:10:54 GMT

Hello all

I'm facing the following issue and I can't seem to find a way to fix it.

I'm trying to get an overview of all vpn's created on our check point platform.

I'm doing this by executing the following task in my playbook on 2 hosts in my inventory:

Task:

- name: show-vpn-communities-star on chosen firewall
    cp_mgmt_vpn_community_star_facts:
     details_level: full
   register: existing_star_vpns_on_fw

Inventory:

Aveve ansible_host=10.248.0.254 ansible_checkpoint_domain=Aveve
Renewi ansible_host=10.248.0.254 ansible_checkpoint_domain=Renewi

Running this playbook from AWX and debugging the registered variable: existing_star_vpns_on_fw gives me the same output twice (once for each host it was run on):

TASK [show-vpn-communities-star on chosen firewall] ****************************
ok: [Aveve]
[

ok: [Renewi]
[

TASK [debug] *******************************************************************
ok: [Aveve] =>
"msg": "VPN name: S2S-CI00060823-Actemium, peer ip: x.x.x.x"
}
[

ok: [Aveve] =>
"msg": "VPN name: test-vpn, peer ip: 1.1.1.1"
}
[
ok: [Renewi] =>
"msg": "VPN name: S2S-CI00060823-Actemium, peer ip: x.x.x.x"
}
[

ok: [Renewi] =>
"msg": "VPN name: test-vpn, peer ip: 1.1.1.1"
}
[

The output I'm getting are only the vpn's on Aveve. It almost seems that Ansible can't handle registered variables on multiple domains on 1 ansible host: 10.248.0.254. Does anyone have an idea how to prevent this?
Executing the same playbook on just 1 domain works perfectly.

Complete playbook:

- name: Check vpn's on Check Point platform
connection: httpapi
hosts: Aveve,Renewi
gather_facts: no

tasks:

- name: Setting password for NSAutomation user as fact
set_fact:
ansible_password: "{{ NSAutomation_pass }}"

- name: show-vpn-communities-star on chosen firewall
cp_mgmt_vpn_community_star_facts:
details_level: full
register: existing_star_vpns_on_fw

- debug:
msg: "VPN name: {{ item.name }}, peer ip: {{ item['satellite-gateways'][0]['ipv4-address'] }}"
loop: "{{ existing_star_vpns_on_fw.ansible_facts['vpn-communities-star'].objects }}"

Re: Ansible - getting info from multiple domains from provider

PhoneBoy — Sat, 18 Apr 2020 21:28:05 GMT

I assume you're talking about a Multi-Domain environment here.
Shouldn't you use the CMA IP for each domain here?

Re: Ansible - getting info from multiple domains from provider

Cegeka_Networki — Wed, 22 Apr 2020 08:35:30 GMT

I indeed decided to send my requests to the CMA's directly rather than the provider seeing as a register task is always saved on the host ip.

Re: Ansible - getting info from multiple domains from provider

PhoneBoy — Wed, 22 Apr 2020 17:05:56 GMT

You list the same IP for both domains...so I'm confused.

Re: Ansible - getting info from multiple domains from provider

IdentityUnknown — Sat, 25 Apr 2020 10:59:14 GMT

Hi,

Normally you would run your playbook in a MDM scenario against your mgmt-ip and the domain will be a variable.

- name: Check vpn's on Check Point platform connection: httpapi hosts: MGMT-IP gather_facts: no vars: ansible_checkpoint_domain: "Domain 1"

It think you have to use the module cp_mgmt_mds_facts to get all domains and create a list of domains to loop your task through all domains (https://docs.ansible.com/ansible/latest/modules/cp_mgmt_mds_facts_module.html#cp-mgmt-mds-facts-module)