This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Hugo_vd_Kooij
Advisor
‎2020-09-29 06:52 AM

Adding and removing in Ansible

Hi,

I find that nsible gives me a bit of a headache. I can add objects without a problem by using "state: present" but if I set all objects to "state: absent" I run into dependency issue.

My current playbook I am testing with is:

---
- name: Create Objects
  hosts: cpmgmt
  connection: httpapi
  tasks:
  - name: Subnet NET-TEST-1
    check_point.mgmt.cp_mgmt_network:
      name: "NET-TEST-1"
      subnet: "192.168.1.0" 
      mask_length: 24
      color: red
      state: present

  - name: Subnet NET-TEST-2
    check_point.mgmt.cp_mgmt_network:
      name: "NET-TEST-2"
      subnet: "192.168.2.0"
      mask_length: 24
      color: purple
      state: present
  - name: Subnet NET-TEST-3
    check_point.mgmt.cp_mgmt_network:
      name: "NET-TEST-3"
      subnet: "192.168.3.0"
      mask_length: 24
      color: blue
      state: present

  - name: Group GRP-NET-TEST
     cp_mgmt_group:
      name: GRP-NET-TEST
      members:
      - NET-TEST-1
      - NET-TEST-2
      - NET-TEST-3
      color: dark gold
      state: present

  - name: Publish
    check_point.mgmt.cp_mgmt_publish:

 

So somehow you also need to change the order of the tasks if you want to delete objects. And that would defeat the purpose of ansible in my view.

So how do other handle playbooks like this?

Miracles happen while you wait. The impossible jobs take just a bit longer.
0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-10-01 09:08 AM

Tagging @Or_Soffer in case he has some feedback around this.

Part of the issue here is making sure we don't undo changes made by humans.
Which is why removing, say, a group that previously existed before Ansible was in use is not something we allow.
However, this seems like a pretty clear-cut case where Ansible is creating/removing all the relevant objects, so it...should work.

0 Kudos
Jim_Oqvist
Employee
Employee
‎2020-10-01 11:57 PM

Hi Hugo,

You can use the parameter
ignore_warnings: true
ansible-collections-check-point-mgmt-cp-mgmt-host-module 
2020-10-02_08-54-47.png

This will ignore any warnings when deleting an object and publish the change, for example deleting a host that is used in a group like in your situation.

Due to an issue, this this parameter is not honored in the current module.
R&D have found the root cause and this will be fixed in the next version of the collection.

Remember to always use the latest updated collection available here:
https://galaxy.ansible.com/check_point/mgmt

You can find information about the updates in the different releases of the collection here:
https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/releases

Kind Regards
Jim

0 Kudos