Simon_Macpherso
Advisor

Gaia API Ansible Collection 3.0.0

I see Gaia API Ansible Collection 3.0.0 (https://galaxy.ansible.com/check_point/gaia) was released over a month ago. 

There is no module documentation link for this collection in the Ansible docs collection index or GitHub page.

Why release a new version without simultaneously releasing the module documentation? Supported parameters can be gleaned from the Gaia API reference documentation, but the module documentation is required to reference supported module parameters.

For example, how do you target specific gateways? When using the cp_gaia_user module I've tried to use the 'targets' parameter to target specific gateways, however a message is returned stating the parameter is unsupported.  

 

0 Kudos
17 Replies
PhoneBoy
Admin

@chkp-royl can you comment?

0 Kudos
Simon_Macpherso
Advisor

@chkp-royl are you able to comment here? 

0 Kudos
chkp-royl
Employee

Hi,

Sorry but we are not the owners of GAIA APIs. 

Please talk to @CHKP-majds (majds@checkpoint.com) - I also sent him link to this post.

Thanks!

0 Kudos
ameera
Employee

Hi

targets is not a parameter of cp_gaia_user module

we are signed up to Ansible and provide our gaia APIs to configure one gateway, but how to target specific gateways should be Ansible's work and should be in their documentation

for our documentation, we are still waiting for Ansible approval to release it officially

it is true that the collection is now in Ansible Galaxy, but it is still not officially released; once they release it, the documentation should be part of it

 

thanks

 

Simon_Macpherso
Advisor

Hello @ameera this doesn't really make sense. The collection leverages the mgmt api so there must be a way to target specific gateways, as there is with the web api collection (module target parameter). You mention you "provide our gaia APIs to configure one gateway" - how do you connect to a single gateway via the mgmt api to process gaia api commands? 

0 Kudos
ameera
Employee

this is what I did:

I added the following lines to "/etc/ansible/hosts" in ansible machine

[check_point]
172.23.21.103
[check_point:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=<user_name>
ansible_password=<password>
ansible_network_os=check_point.gaia.checkpoint

 

again, this is in ansible machine which should configure the gateways

now how to add more than one gateway I don't know

maybe you just want to add more IPs under [check_point], but I didn't try that

 

Simon_Macpherso
Advisor

I was under the impression, based on the README of the collection and GitHub repo, that this new collection would allow control of a gateway using the management web-services API.

So Ansible hosts file would be configured as below

[check_point]
%CHECK_POINT_MANAGEMENT_SERVER_IP%
[check_point:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=%CHECK_POINT_GAIA_USER%
ansible_password=%CHECK_POINT_GAIA_PASSWORD%
ansible_network_os=check_point.gaia.checkpoint

Meaning you would target the gateways in the yaml via the targets parameter. 

https://galaxy.ansible.com/check_point/gaia 

https://github.com/CheckPointSW/CheckPointAnsibleGAIACollection

0 Kudos
Simon_Macpherso
Advisor

@ameera can you please check this internally. 

0 Kudos
Simon_Macpherso
Advisor

@ameera ? 

0 Kudos
Chris_Atkinson
Employee

Can you highlight the confusing part in the readme regarding targets?

Rather, if the intent of the corresponding Gaia API is unclear, please refer to sk143612.

0 Kudos
ameera
Employee

maybe you are referring to management API ?

it is another collection, different from the gaia collection
https://galaxy.ansible.com/check_point/mgmt 

https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection 

0 Kudos
Simon_Macpherso
Advisor

No I'm not referring to the management API. 

We already use the management API extensively. 

0 Kudos
Will_H
Contributor

Understood the same. Never figured it out...

Bob_Zimmerman
Leader

With the Gaia API, you don't necessarily use the management server's IP, you use the IP of the thing you're trying to work with. For example, you could use Ansible with the Gaia API to set the login banner. The login banner can be set on management servers and on firewalls. If you want to set it on a firewall, your Ansible configuration needs to include the IP (or name, if you have DNS) of that firewall.

0 Kudos
ameera
Employee

maybe the %CHECK_POINT_MANAGEMENT_SERVER_IP% is confusing and it was misunderstandable

we are referring it to any gaia IP ( firewall IP or management IP )

0 Kudos
Hugo_vd_Kooij
Advisor

This is basic Ansible stuff in my view.

How about

[check_point]
10.0.0.2
10.0.0.3
10.0.0.12
10.0.0.23
<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Hugo_vd_Kooij
Advisor

Now it is up to your playbook to determine which settings need to be done on all hosts and which are done per host.

0 Kudos
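
The approach described in the replies above (one inventory entry per Gaia machine, with the playbook's host pattern choosing the targets), as an added example that is not part of the original thread or the collection's own documentation. Host names, the gateways and management groups, the gaia_hostname variable and the vault_* variables are hypothetical, and cp_gaia_hostname with its name parameter is assumed to be available in the installed collection version.

```yaml
---
# inventory.yml: constructed example. Each entry is a Gaia machine
# (firewall or management server), not the management server alone.
all:
  children:
    check_point:
      children:
        gateways:
          hosts:
            gw-a:
              ansible_host: 10.0.0.2
              gaia_hostname: gw-a      # per-host value (hypothetical variable)
            gw-b:
              ansible_host: 10.0.0.3
              gaia_hostname: gw-b
        management:
          hosts:
            mgmt-1:
              ansible_host: 10.0.0.12
              gaia_hostname: mgmt-1
      vars:
        ansible_connection: httpapi
        ansible_network_os: check_point.gaia.checkpoint
        ansible_httpapi_use_ssl: true
        # The inventories posted in the thread set this to False, which skips
        # certificate checks. With true, the control node must trust the
        # certificate each Gaia machine presents.
        ansible_httpapi_validate_certs: true
        # Credentials come from an Ansible Vault file (hypothetical variable
        # names) instead of sitting in plaintext in /etc/ansible/hosts.
        ansible_user: "{{ vault_gaia_user }}"
        ansible_password: "{{ vault_gaia_password }}"

---
# site.yml: separate file. The hosts pattern selects the targets, so no
# 'targets' module parameter is involved.
- name: Set the hostname on the gateways only
  hosts: gateways
  gather_facts: false
  tasks:
    - name: Apply the per-host hostname
      check_point.gaia.cp_gaia_hostname:   # assumed module, see lead-in
        name: "{{ gaia_hostname }}"
```

Run it with ansible-playbook -i inventory.yml site.yml; adding --limit gw-a narrows the same play to a single gateway.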