
Ansible playbooks won't run outside of specific directory

Hi, I'm trying to solve this Ansible playbook issue

If my playbooks are in this directory: /usr/lib/python2.7/site-packages/ansible/modules/extras

the playbooks run fine.

When using Tower, it puts them in its own folder which is /var/lib/aws/projects/<dynamic>/whatever.yml

and I get the following message (both in Tower and when I run locally like below)

I have tried multiple things to try to straighten this out.

Any suggestions?

Admin

Re: Ansible playbooks won't run outside of specific directory

The error message is telling you what the issue is: namely that when you issue the login message to the Check Point management server, the fingerprint of the server is not trusted.

You can configure this as part of the login action.

For example, in this playbook quoted here: cpAnsible installation on Ubuntu 16.04, you see the following:

- hosts: "localhost"
  tasks:
  - name: "login"
    check_point_mgmt:
      command: login
      parameters:
        username: "{{mgmt_user}}"
        password: "{{mgmt_password}}"
        management: "{{mgmt_server}}"
      fingerprint: "FA:5A:A6:AC:93:D0:BD:69:9E:E1:72:05:1D:73:24:70:29:17:37:C1"
    register: login_response

The CLI command api fingerprint from the management will give you the SHA1 hash you need to add for your management server.


Re: Ansible playbooks won't run outside of specific directory

I am doing the following..

---

- hosts: "localhost"
  tasks:
  - name: "login"
    check_point_mgmt:
      command: login
      parameters:
        username: "{{mgmt_user}}"
        password: "{{mgmt_password}}"
        management: "{{mgmt_server}}"
        domain: "{{mgmt_domain}}"
        fingerprint: "{{mgmt_finger_Print}}"
    register: login_response
  - name: "logout"
    check_point_mgmt:
      command: logout
      session-data: '{{login_response}}'

Admin

Re: Ansible playbooks won't run outside of specific directory

Ryan Darst, any idea?

Employee+

Re: Ansible playbooks won't run outside of specific directory

Have you defined your library path correctly in /etc/ansible/ansible.cfg?

Employee+

Re: Ansible playbooks won't run outside of specific directory

I haven't used Tower for a very long time, and I don't remember having issues with it besides the license limitation of the free version.

Try this one :)

- name: "Gather API Fingerprint from the Management Server"
  # shell rather than command: the command module does not interpret the pipe
  shell: "/opt/CPsuite-R80/fw1/bin/api fingerprint | grep SHA1"
  register: api_fingerprint_raw

- name: "Register the output for only the SHA1 fingerprint"
  set_fact:
    api_fingerprint: "{{ api_fingerprint_raw.stdout.split(' ')[1] }}"

- name: Debug Output
  debug:
    msg: "Output for API SHA1 {{ api_fingerprint }}"

- name: "login"
  check_point_mgmt:
    command: login
    parameters:
      username: "admin"
      password: "vpn123"
      management: "{{ target }}"
      domain: "{{ domain_server }}"
    fingerprint: "{{ api_fingerprint }}"
  register: login_response


Re: Ansible playbooks won't run outside of specific directory

After I fixed my indentation it worked. I had fingerprint: lined up with the parameters section. So it's not just for looks?

Admin

Re: Ansible playbooks won't run outside of specific directory

Correct, it's not just for looks.

Indents matter. :)
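
The indentation mistake resolved in this thread can be caught before a playbook runs. The following is an added example, not code from any post here or from the cpAnsible project: a standard-library check that reports any fingerprint: key that is not a direct argument of check_point_mgmt. It assumes block-style YAML (no flow mappings), and the sample playbook is constructed from the variable names used in the thread.

```python
import re

# Constructed sample playbook: fingerprint is nested under parameters,
# which is the indentation mistake resolved in the thread.
BAD = '''\
- hosts: "localhost"
  tasks:
  - name: "login"
    check_point_mgmt:
      command: login
      parameters:
        username: "{{mgmt_user}}"
        management: "{{mgmt_server}}"
        fingerprint: "{{mgmt_finger_Print}}"
    register: login_response
'''
# Same playbook with fingerprint lined up with command/parameters.
GOOD = BAD.replace("        fingerprint", "      fingerprint")

# A mapping key, optionally preceded by a list dash; group 1 is its indent.
KEY = re.compile(r"^(\s*(?:- )?)([\w-]+):")


def misplaced_fingerprints(text):
    """Return line numbers of fingerprint: keys that are not direct
    arguments of a check_point_mgmt task."""
    findings = []
    module_indent = None  # column of the enclosing check_point_mgmt: key
    arg_indent = None     # column of that module's direct arguments
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if module_indent is not None and indent <= module_indent:
            module_indent = arg_indent = None  # left the module block
        if key == "check_point_mgmt":
            module_indent, arg_indent = indent, None
        elif module_indent is not None and arg_indent is None:
            arg_indent = indent  # first key below the module sets the level
        if key == "fingerprint" and indent != arg_indent:
            findings.append(lineno)
    return findings


if __name__ == "__main__":
    for label, text in (("bad", BAD), ("good", GOOD)):
        print(label, misplaced_fingerprints(text))
```

A fingerprint: that has slipped out to task level (lined up with register:) is reported as well, since it is no longer an argument of the module.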