Ansible Connection Error

mervin16 — Sat, 07 Nov 2020 15:19:02 GMT

Hi,

I am trying to create a network in my Checkpoint SMS R80.40 using Ansible but i am getting a Connection Error.

The full error is:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 500 fatal: [ckp_sms_ngen]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 102, in <module>\n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_network', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib/python2.7/runpy.py\", line 188, in run_module\n fname, loader, pkg_name)\n File \"/usr/lib/python2.7/runpy.py\", line 82, in _run_module_code\n mod_name, mod_fname, mod_loader, pkg_name)\n File \"/usr/lib/python2.7/runpy.py\", line 72, in _run_code\n exec code in run_globals\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py\", line 225, in <module>\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py\", line 220, in main\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 265, in api_call\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 65, in send_request\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible/module_utils/connection.py\", line 195, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 500\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

My Playbook is as such:

--- - name: playbook name hosts: firewalls_checkpoint connection: httpapi tasks: - name: task to have network check_point.mgmt.cp_mgmt_network: name: "network name" subnet: "4.1.76.0" mask_length: 24 auto_publish_session: true vars: ansible_checkpoint_domain: "SMC User"

My Hosts file:

#This is a group of remote servers for Checkpoint SMS [firewalls_checkpoint] ckp_sms_ngen #These are global variables for the group firewalls [firewalls_checkpoint:vars] ansible_user=admin ansible_password=***** ansible_network_os=check_point.mgmt.checkpoint ansible_httpapi_use_ssl=yes ansible_httpapi_validate_certs=no ansible_python_interpreter=/usr/bin/python2.7

The checkpoint version i am using is:

This is Check Point Security Management Server R80.40 - Build 150
This is Check Point's software version R80.40 - Build 685

I tried sending requests via POSTMAN and it works fine.

Can someone please help me ?

Re: Ansible Connection Error

Jim_Oqvist — Sat, 07 Nov 2020 21:20:47 GMT

Hi Mervin,

What I assume is that you have mapped ckp_sms_ngen to an ip address in /etc/hosts.
I noticed that when doing so this causes Ansible httpapi connection plugin to send "X-Forwarded-Host=[]" in the http header, which in turn causes the server to respond with:

Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Sat, 07 Nov 2020 21:00:13 GMT]}
Payload: {
"code" : "generic_err_missing_required_header",
"message" : "Invalid header: [X-Forwarded-Host]"
}

While Ansible should send X-Forwarded-Host=[X.X.X.X:443],

You can work around this by adding "ansible_host" to your /etc/ansibe/hosts file.

[firewalls_checkpoint] ckp_sms_ngen ansible_host=192.168.233.71

I am not sure if the problem is on the Ansible core side or our collection, but I will report this to our developers so they can work with Red Hat on that.

Kind Regards
Jim

Re: Ansible Connection Error

mervin16 — Sun, 08 Nov 2020 10:08:55 GMT

Thank you so much for helping me. This worked.

Thank you for checking this issue with Red Hat 🙂

Re: Ansible Connection Error

Jim_Oqvist — Mon, 09 Nov 2020 10:44:49 GMT

To update, this only seems to happen when using underscore "_" in the hostname, when using dash "-" will work fine.

PLAY RECAP ************************************************************************************************* chkp-mgmt : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 chkp_sms : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

topic Re: Ansible Connection Error in Ansible

Ansible Connection Error

Re: Ansible Connection Error

Re: Ansible Connection Error

Re: Ansible Connection Error