Somy
Explorer

Ansible: ADD host to a network group

Hi,

I want to create a host and add it as a new member to a network group which already exists (test-ansible), but I received this error:

nnection.py\", line 200, in __rpc__\nansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1

 

My code is:

---
- name: adding host into net Group
  hosts: ck
  become: true
  gather_facts: false

  vars_prompt:
    - name: "ip"
      prompt: "enter ip"
      private: no

  tasks:
    - name: action on Check Point
      # connection: local
      collections:
        - check_point.mgmt
      block:
        - name: action on ck
          include_tasks: checkpoint.yml
          vars:
            ansible_connection: httpapi
            ansible_network_os: check_point.mgmt.checkpoint
            ansible_httpapi_use_ssl: true
            ansible_httpapi_validate_certs: false
            ansible_httpapi_port: 443
          # handlers:
          #   - name: publish
          #     cp_mgmt_publish:

      when: inventory_hostname in groups['ck']
 
##### checkpoint.yml: ###########
- name: Add network object
  check_point.mgmt.cp_mgmt_host:
    name: "{{ip}}"
    ip_address: "{{ip}}"
    state: present
    auto_publish_session: yes            
  ignore_errors: yes

- name: add-network-group
  check_point.mgmt.cp_mgmt_group:
    name: test-ansible
    state: present
    members:
      - "{{ ip }}"
    auto_publish_session: yes
  ignore_errors: yes
 
Thank you in advance
Erik_Lagzdins
Employee

I did not encounter the same error when testing your playbook. I believe you have a general connection error, or maybe you have a conflicting variable that is not visible in your post.

I have simplified your playbook and made improvements that have been successful in my lab. For best practices I recommend naming the host object something different than the IP address used.

The way your group task was written, it would replace the contents of the group with your new object. If you use the group parameter for the host task, then the host will be added to the existing group without replacing the current group members.

 

Try this playbook:

---
- name: Create a new host object and add it to an existing group
  hosts: mds-primary
  gather_facts: false
  vars:
     ansible_connection: httpapi
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_network_os: check_point.mgmt.checkpoint
     ansible_checkpoint_domain: Domain1
     ansible_user: admin
     ansible_ssh_pass: vpn123

  vars_prompt:
  - name: "host_name"
    prompt: "enter new host object name"
    private: no

  - name: "ip_address"
    prompt: "enter host object ip address"
    private: no

  - name: "group_name"
    prompt: "enter an existing group name to add the new host to"
    private: no

  tasks:
    - name: Add new host object
      check_point.mgmt.cp_mgmt_host:
        name: "{{ host_name }}"
        ip_address: "{{ ip_address }}"
        groups: "{{ group_name }}"
        state: present
        auto_publish_session: yes
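
A hardened variant of the add-host playbook above, as an added example that is not part of the original thread or the Check Point collection's own documentation. It keeps the `groups` parameter so existing group members are preserved, turns certificate validation on, takes the password from a vaulted variable, and checks the prompted values before any API call. The variable `vault_cp_mgmt_password`, the object-name pattern, and the use of the `ansible.utils` collection for the IP test are assumptions.

```yaml
---
# Added example, not from the original thread.
# Assumptions: vault_cp_mgmt_password is a hypothetical variable stored in an
# ansible-vault encrypted vars file; the ansible.utils collection is installed.
- name: Create a host object and add it to an existing group (hardened)
  hosts: mds-primary
  gather_facts: false
  vars:
    ansible_connection: httpapi
    ansible_network_os: check_point.mgmt.checkpoint
    ansible_httpapi_use_ssl: true
    # The management certificate must chain to a CA the control node trusts.
    ansible_httpapi_validate_certs: true
    ansible_checkpoint_domain: Domain1
    ansible_user: admin
    # No literal password in the playbook or in version control.
    ansible_password: "{{ vault_cp_mgmt_password }}"

  vars_prompt:
    - name: host_name
      prompt: "enter new host object name"
      private: false
    - name: ip_address
      prompt: "enter host object ip address"
      private: false
    - name: group_name
      prompt: "enter an existing group name to add the new host to"
      private: false

  tasks:
    - name: Reject malformed input before it reaches the management API
      ansible.builtin.assert:
        that:
          # Naming pattern is a local-policy assumption, adjust as needed.
          - "host_name is match('^[A-Za-z][A-Za-z0-9_.-]{0,62}$')"
          - "ip_address is ansible.utils.ip_address"
          - "group_name | length > 0"
        fail_msg: "host_name, ip_address or group_name failed validation"

    - name: Add the host to the group without replacing its members
      check_point.mgmt.cp_mgmt_host:
        name: "{{ host_name }}"
        ip_address: "{{ ip_address }}"
        groups:
          - "{{ group_name }}"
        state: present
        auto_publish_session: true
```

Run it with `--ask-vault-pass` (or a vault password file) so the vaulted variable can be decrypted at runtime.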

 

Somy
Explorer

Thank you so much, I came up with a few modifications.

Now I have another issue: I want to remove the host which I had already added, but with my code I end up removing the entire group.

 

- name: add-network-group
  check_point.mgmt.cp_mgmt_group:
    name: test-ansible
    state: absent
    members:
      - "h-{{ ip_address }}"
    auto_publish_session: yes

On the other hand, with this one I cannot remove the host because it is in use by the network group:

- name: Add new host object
  check_point.mgmt.cp_mgmt_host:
    name: "h-{{ ip_address }}"
    ip_address: "{{ ip_address }}"
    groups:
      - "test-ansible"
    state: absent
    auto_publish_session: yes

 

Thank you so much in advance

Erik_Lagzdins
Employee

Your example with the cp_mgmt_host module is almost correct. You just need to add the "ignore_warnings: true" parameter to allow it to delete the host object even though it still belongs to a group.

 

---
- name: " Delete host objects with prompt "
  hosts: mds-primary
  gather_facts: no
  vars:
     #ansible_python_interpreter: "/usr/bin/python"
     ansible_connection: httpapi
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_network_os: check_point.mgmt.checkpoint #Using Galaxy https://galaxy.ansible.com/check_point collection
     ansible_checkpoint_domain: Domain1 # Default domain for a SMS (SmartCenter)
     ansible_user: admin  # Change to your Check Point management admin user
     ansible_ssh_pass: vpn123
  vars_prompt:
    - name: "host_object_name"
      prompt: "enter host object name to delete"
      private: no

  tasks:
    - name: Delete host
      check_point.mgmt.cp_mgmt_host:
        name: "{{ host_object_name }}"
        state: absent
        ignore_warnings: true
        auto_publish_session: yes

 

Somy
Explorer

Thank you so much
