topic Re: Ansible - How to check if a group exist. If it exist, then create Host Objects to that group in Ansible

Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

ukohae — Fri, 23 Apr 2021 12:11:46 GMT

How do I check if a Group Exists in a domain using Ansible, and if it exists add a host to the group, if it doesn't exist, create a new group and then add a host to that Group.

playbook.yml

--- - hosts: check_point connection: httpapi gather_facts: False vars_files: - 'my_var.yml' - 'login.yml' tasks: - name: add-host-if-group-exist check_point.mgmt.cp_mgmt_host: name: Host1 ip_address: 10.1.2.3 comments: 'FWP' state: present groups: groupTest auto_publish_session: yes delegate_to: Global - name: add-group-if-group-doesn't exist-and-create-host check_point.mgmt.cp_mgmt_host: name: groupTest state: present members: Host1 auto_publish_session: yes delegate_to: Global # let's check if the group exists, if it doesn't create a new group and add a host. If a group exists add new host to that group

Re: Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

PhoneBoy — Mon, 26 Apr 2021 04:23:22 GMT

I'm by no means an expert in Ansible.
But I assume you could execute check_point.mgmt.cp_mgmt_group_facts and either add to the existing group or create the group based on the result.
Tagging @Or_Soffer in case he has a more precise idea.

Re: Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

ukohae — Tue, 27 Apr 2021 04:18:09 GMT

Hi, can I get a working code example?

Re: Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

PhoneBoy — Tue, 27 Apr 2021 04:33:25 GMT

Seems like you'd use fail in the playbook.
But you should check the group first, then create the host object.
My guess is you'd have a task like the following before your create host task:

- name: check-if-group-exists-if-not-create check_point.mgmt.cp_mgmt_group_facts name: groupTest - fail: check_point.mgmt.cp_mgmt_host: name: groupTest state: present members: Host1 auto_publish_session: yes delegate_to: Global

However: I have not tested this.

Re: Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

ukohae — Tue, 27 Apr 2021 13:50:43 GMT

I ran the sample code. I get a console error message

--- - name: Global Objects hosts: Global connection: httpapi gather_facts: False vars_files: - 'credentials/my_var.yml' - 'credentials/login.yml' tasks: - name: check-if-group-exists-if-not-create check_point.mgmt.cp_mgmt_group_facts: name: gTest1A - name: fail fail: check_point.mgmt.cp_mgmt_host: name: Host1 state: present #members: Host1 auto_publish_session: yes #delegate_to: Global

Error Message

TASK [fail] ******************************************************************************************************************************************************************************** fatal: [Global]: FAILED! => {"changed": false, "msg": "Invalid options for fail: check_point.mgmt.cp_mgmt_host"}

@PhoneBoy @Jonas_Rosenboom

Re: Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

PhoneBoy — Tue, 27 Apr 2021 15:15:35 GMT

The fail should be associated with checking the existence of the group, which it's not in your code sample.

Re: Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

Jonas_Rosenboom — Tue, 27 Apr 2021 15:47:38 GMT

If you can't use Ansible according to it's philosophy due to your environment, it might be easier to find a better tool for the job.

via https://www.ansible.com/blog/ansible-best-practices-essentials:

> Ansible is a desired state engine by design. If you’re trying to “write code” in your plays and roles, you’re setting yourself up for failure. Our YAML-based playbooks were never meant to be for programming.

Check out our Check Point API Python Development Kit and API documentation instead. A short Python script might cover all your cases and give you quick results.