Obtain objects from CMA managed by MDS with Ansible

E_AGH107 — Fri, 15 Sep 2023 12:02:37 GMT

Hello Mates,

I have been working with CheckPoint and Ansible for the past 6/7 months.

My environment has been a Smart 1 appliance where I have different instances (VSX, Gateways, etc) and I could manage objects, policies, layers and more from a centralized point without any major inconvenience. So I was working with an independent CMA.

Now, I have access to a MDS with several CMAs, I'm trying to execute some changes in a CMA like before but for my surprise it isn't working. I can access to the CMAs (directly or trough MDS) using SmartConsole R81.10, visualize the different objects and policies existing, but when I try to gather some information using the playbooks I used to, the obtained JSON objects are empty.

The playbooks I'm currently testing are very simple, here is an example:
---
- name: Obtain host objects
gather_facts: false
hosts: CMA-1
connection: ansible.netcommon.httpapi

tasks:

# Obtain the first 100 objects
- name: Get host objects
register: cp_hosts
check_point.mgmt.cp_mgmt_host_facts:
details_level: standard
limit: 100
offset: 0

The answer:

TASK [Get host objects] *******************
ok: [CMA-1] => {
"ansible_facts": {
"hosts": {
"objects": [],
"total": 0
}
},
"changed": false,
"invocation": {
"module_args": {
"details_level": "standard",
"limit": 100,
"name": null,
"offset": 0,
"order": null,
"show_membership": null,
"version": null
}
}
}

In other cases, when gathering information related to MDS, for example the existing domains (using module check_point.mgmt.cp_mgmt_domain_facts), I do obtain the information, even when I ask to the CMA instead of MDS, which I don't fully understand but is not the case.

I have used MDS and CMA-1 as hosts parameters, but no one returns whatever information I have asked for.

What I am doing wrong? Am I asking the correct host? Do I have to include some missing parameter?

I have been reading the documentation but didn't find any answer. https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html

Thank you in advance for your help!

Re: Obtain objects from CMA managed by MDS with Ansible

Erik_Lagzdins — Fri, 15 Sep 2023 13:18:35 GMT

It sounds like you're connecting to the MDS domain, rather than the specific CMA-1 Domain.

Your ansible host/target should be the primary MDS. Then in the playbook, make sure to add a variable with your target domain with the ansible_checkpoint_domain variable. In my example below, my domain name is Domain1.

--- - name: "Show Hosts in the Domain" gather_facts: no hosts: mds-primary vars: ansible_connection: httpapi ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_network_os: check_point.mgmt.checkpoint ansible_checkpoint_domain: Domain1 tasks: - name: show-checkpoint-hosts cp_mgmt_host_facts: limit: 100 register: show_hosts - debug: msg: "{{ show_hosts }}"

Re: Obtain objects from CMA managed by MDS with Ansible

E_AGH107 — Fri, 15 Sep 2023 14:07:15 GMT

Indeed, that was the missing parameter!

I added the parameter in the host_vars file of CMA-1 so can re-use playbook.

Thank you so much Erik!

topic Obtain objects from CMA managed by MDS with Ansible in Ansible

Obtain objects from CMA managed by MDS with Ansible

Re: Obtain objects from CMA managed by MDS with Ansible

Re: Obtain objects from CMA managed by MDS with Ansible