This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ChadGPT
Explorer
‎2023-12-14 07:24 AM
Jump to solution

Obtaining VS info from Web API run-script route called on a Gateway

Hello everyone! 

Using the management web API v1.9 and the run-script route targetted at a VSX gateway, I am able to run a command like "vsx stat -l" to get the stats of the virtual systems running on the gateway.

My problem is that when I try to run the command "vsenv [vsid]" with the run-script route, I get the error message "vsenv command not found". Why would that be ?

I am trying to move inside of a vs to then run the "ifconfig -a" via the web API and this seems to be the only path I have found yet until official APIs for VSX are released as part of R82. I am using an API Key and an API User with elevated permission to authenticate with the API.

0 Kudos
2 Solutions

Accepted Solutions
Jim_Oqvist
Employee
Employee
‎2023-12-15 02:09 AM
Jump to solution

You need to sent the environment variables for the shell you are starting with run-script. this can be done by adding source /etc/bashrc ; before your command in the script value.

 

[Expert@sc:0]# mgmt_cli -r true -f json run-script script-name "test" script "source /etc/bashrc ; vsenv" targets.1 "sc"

 

 

Here is an example, ignore the fail as I am executing the command on a Security Management Server

[Expert@sc:0]# mgmt_cli -r true -f json run-script script-name "test" script "source /etc/bashrc ; vsenv" targets.1 "sc" | jq -r '.tasks[]."task-details"[].statusDescription'

---------------------------------------------
Time: [10:24:48] 15/12/2023
---------------------------------------------
"cpx-sc - test" failed (100%)
vsenv: This is only supported on a VSX machine.

View solution in original post

(1)
Jim_Oqvist
Employee
Employee
‎2023-12-15 09:26 AM
In response to ChadGPT
Jump to solution

Hi, 

The mgmt_cli is just a client to send RESTful API requests as HTTP POST.

This is how the payload looks like that is sent to the Server.

 

 

Payload: {
             "script" : "source /etc/bashrc ; vsenv",
             "script-name":"test",
             "targets":["sc"]
         }

 

 

 

 

View solution in original post

0 Kudos
(1)
10 Replies
Vincent_Bacher
Advisor
Advisor
‎2023-12-14 10:48 AM
Jump to solution

Hi,

Could put-file in combination with run-script be an option?

Cheers

 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
ChadGPT
Explorer
‎2023-12-15 08:48 AM
In response to Vincent_Bacher
Jump to solution

Hi Vincent!

What difference would it make if I were to use put-file in combination with my run-script? I would pass the script in the put-file and then I would execute that script with run-script pointing at that script. I am not sure it would make a difference at the level where the command is executed ?

0 Kudos
Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2023-12-15 01:47 AM
Jump to solution

I have noticed that commands like mdsenv and vsenv do not work as such in bash scripts these days.

Need to look into that.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
(1)
Jim_Oqvist
Employee
Employee
‎2023-12-15 02:09 AM
Jump to solution

You need to sent the environment variables for the shell you are starting with run-script. this can be done by adding source /etc/bashrc ; before your command in the script value.

 

[Expert@sc:0]# mgmt_cli -r true -f json run-script script-name "test" script "source /etc/bashrc ; vsenv" targets.1 "sc"

 

 

Here is an example, ignore the fail as I am executing the command on a Security Management Server

[Expert@sc:0]# mgmt_cli -r true -f json run-script script-name "test" script "source /etc/bashrc ; vsenv" targets.1 "sc" | jq -r '.tasks[]."task-details"[].statusDescription'

---------------------------------------------
Time: [10:24:48] 15/12/2023
---------------------------------------------
"cpx-sc - test" failed (100%)
vsenv: This is only supported on a VSX machine.

(1)
ChadGPT
Explorer
‎2023-12-15 08:44 AM
In response to Jim_Oqvist
Jump to solution

Hi Jim,

You seem to be using the mgmt_cli tool, I am using the Web Services. Looking at the documentation (Check Point - Management API reference), it seems like I cannot add the source in the HTTP Request body...

Thank you

0 Kudos
Jim_Oqvist
Employee
Employee
‎2023-12-15 09:26 AM
In response to ChadGPT
Jump to solution

Hi, 

The mgmt_cli is just a client to send RESTful API requests as HTTP POST.

This is how the payload looks like that is sent to the Server.

 

 

Payload: {
             "script" : "source /etc/bashrc ; vsenv",
             "script-name":"test",
             "targets":["sc"]
         }

 

 

 

 

0 Kudos
(1)
ChadGPT
Explorer
‎2023-12-15 10:12 AM
In response to Jim_Oqvist
Jump to solution

Thank you very much, this seems to do the trick !

0 Kudos
ChadGPT
Explorer
‎2023-12-18 08:20 AM
Jump to solution

If this can help anyone: I got it to work with "src /etc/bashrc ; vsenv [vsName] ; /bin/cp-ifconfig.sh -a
ifconfig -a gave the internal IP's. /bin/cp-ifconfig.sh -a gives me the external IP's

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-12-18 10:41 AM
Jump to solution

All currently supported versions of VSX are based on Linux network namespaces rather than the old VRF extensions. As long as you're running a current version, the easiest way to run a command in a given VS is this:

ip nets exec <namespace name> <command>

The namespaces have predictable names in the form CTX##### where ##### is the VSID padded out to five digits with leading zeroes. For example, VSID 4 is CTX00004 and VSID 196 is CTX00196.

For example, to run the command 'netstat -rn' in VSID 2, I use:

ip netns exec CTX00002 netstat -rn

You can get a list of all of the namespace names using 'ip nets list'. Note that this list includes switch contexts.

Alex-
MVP Silver
MVP Silver
‎2023-12-19 12:56 AM
In response to Bob_Zimmerman
Jump to solution

Useful information about the namespaces, thanks for sharing.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events