Re: Gaia API Ansible Collection 3.0.0

Simon_Macpherso · ‎2022-08-11

I see Gaia API Ansible Collection 3.0.0 (https://galaxy.ansible.com/check_point/gaia) was released over a month ago.

There is no module documentation link for this collection in the Ansible docs collection index or GitHub page.

Why release a new version without simultaneously releasing the module documentation? Supported parameters can be gleaned from the Gaia API reference documentation, but the module documentation is required for to reference support module parameters.

For example, how do you target specific gateways? When using the cp_gaia_user module I've tried to use the 'targets' parameter to target specific gateways, however a message is returned stating the parameter is unsupported.

PhoneBoy · ‎2022-08-12

@chkp-royl can you comment?

Simon_Macpherso · ‎2022-08-16

@chkp-royl are you able to comment here?

chkp-royl · ‎2022-08-16

Hi,

Sorry but we are not the owners of GAIA APIs.

Please talk to @CHKP-majds (majds@checkpoint.com) - I also sent him link to this post.

Thanks!

ameera · ‎2022-08-16

Hi

targets is not a parameter of cp_gaia_user module

we are signed up to Ansible and provide our gaia APIs to configure one gateway, but how to target specific gateways this should be Ansible work and should be in their documentation

for our documentation we are still waiting for Ansible approval to release it officially

it is right the collection now is in Ansible galaxy, but it is still not officially released, once they release it, the documentation should be part of it

thanks

Simon_Macpherso · ‎2022-08-17

Hello @ameera this doesn't really make sense. The collection leverages the mgmt api so there must be a way to target specific gateways, as there is with the web api collection (module target parameter). You mention you "provide our gaia APIs to configure one gateway" - how do you connect to a single gateway via the mgmt api to process gaia api commands?

ameera · ‎2022-08-17

this is what I did:

I added the following lines to "/etc/ansible/hosts" in ansible machine

[check_point]
172.23.21.103
[check_point:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=<user_name>
ansible_password=<password>
ansible_network_os=check_point.gaia.checkpoint

again, this is in ansible machine which should configure the gateways

now how to add more than one gateway I don't know

maybe you just want to add more IPs under [check_point], but I didn't try that

Simon_Macpherso · ‎2022-08-17

I was under the impression, based on the README of the collection and github repo, that this new collection would allowed control of a gateway using management web-services API.

So Ansible hosts file would be configured as below

[check_point]
%CHECK_POINT_MANAGEMENT_SERVER_IP%
[check_point:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=%CHECK_POINT_GAIA_USER%
ansible_password=%CHECK_POINT_GAIA_PASSWORD%
ansible_network_os=check_point.gaia.checkpoint

Meaning you would target the gateways in the yaml via the targets parameter.

https://galaxy.ansible.com/check_point/gaia

https://github.com/CheckPointSW/CheckPointAnsibleGAIACollection

Simon_Macpherso · ‎2022-08-18

@ameera can you please check this internally.

Simon_Macpherso · ‎2022-08-22

@ameera ?

Chris_Atkinson · ‎2022-08-22

Can you highlight the confusing part in the readme regarding targets?

Rather if the intent of the corresponding GAiA API is unclear please refer sk143612.

CCSM R77/R80/ELITE

ameera · ‎2022-08-23

maybe you are referring to management API ?

it is another collection differ from gaia collection
https://galaxy.ansible.com/check_point/mgmt

https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection

Simon_Macpherso · ‎2022-08-24

No I'm not referring to the management API.

We already use the management API extensively.

Will_H · ‎2022-08-18

Understood the same. Never figured it out...

Bob_Zimmerman · ‎2022-08-24

With the Gaia API, you don't necessarily use the management server's IP, you use the IP of the thing you're trying to work with. For example, you could use Ansible with the Gaia API to set the login banner. The login banner can be set on management servers and on firewalls. If you want to set it on a firewall, your Ansible configuration needs to include the IP (or name, if you have DNS) of that firewall.

ameera · ‎2022-08-24

maybe the %CHECK_POINT_MANAGEMENT_SERVER_IP% is confusing and it was misunderstand able

we are referring it to any gaia IP ( firewall IP or management IP )

Hugo_vd_Kooij · ‎2022-08-17

This is basic Ansible stuff in my view.

Howabout

[check_point]
10.0.0.2
10.0.0.3
10.0.0.12
10.0.0.23

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Hugo_vd_Kooij · ‎2022-08-17

Now it is up to your playbook to determine which settings needs to be done on all hosts and which are done per host.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Are you a member of CheckMates?

Gaia API Ansible Collection 3.0.0