This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mervin16
Participant
‎2020-11-07 07:19 AM
Jump to solution

Ansible Connection Error

Hi,

 

I am trying to create a network in my Checkpoint SMS R80.40 using Ansible but i am getting a Connection Error.

The full error is:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 500
fatal: [ckp_sms_ngen]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_network', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib/python2.7/runpy.py\", line 188, in run_module\n    fname, loader, pkg_name)\n  File \"/usr/lib/python2.7/runpy.py\", line 82, in _run_module_code\n    mod_name, mod_fname, mod_loader, pkg_name)\n  File \"/usr/lib/python2.7/runpy.py\", line 72, in _run_code\n    exec code in run_globals\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py\", line 225, in <module>\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py\", line 220, in main\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 265, in api_call\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 65, in send_request\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible/module_utils/connection.py\", line 195, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 500\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

 

My Playbook is as such:

---
- name: playbook name
  hosts: firewalls_checkpoint
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_mgmt_network:
        name: "network name"
        subnet: "4.1.76.0"
        mask_length: 24
        auto_publish_session: true

      vars:
        ansible_checkpoint_domain: "SMC User"

 

My Hosts file:

#This is a group of remote servers for Checkpoint SMS
[firewalls_checkpoint]
ckp_sms_ngen

#These are global variables for the group firewalls
[firewalls_checkpoint:vars]
ansible_user=admin
ansible_password=*****
ansible_network_os=check_point.mgmt.checkpoint
ansible_httpapi_use_ssl=yes
ansible_httpapi_validate_certs=no
ansible_python_interpreter=/usr/bin/python2.7

 

The checkpoint version i am using is:

This is Check Point Security Management Server R80.40 - Build 150
This is Check Point's software version R80.40 - Build 685

I tried sending requests via POSTMAN and it works fine.

Can someone please help me ?

 

0 Kudos
1 Solution

Accepted Solutions
Jim_Oqvist
Employee
Employee
‎2020-11-07 01:20 PM
Jump to solution

Hi Mervin,

What I assume is that you have mapped ckp_sms_ngen to an ip address in /etc/hosts.
I noticed that when doing so this causes Ansible httpapi connection plugin to send "X-Forwarded-Host=[]" in the http header, which in turn causes the server to respond with:

Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Sat, 07 Nov 2020 21:00:13 GMT]}
Payload: {
"code" : "generic_err_missing_required_header",
"message" : "Invalid header: [X-Forwarded-Host]"
}

While Ansible should send X-Forwarded-Host=[X.X.X.X:443],

 

You can work around this by adding "ansible_host" to your /etc/ansibe/hosts file.

[firewalls_checkpoint]
ckp_sms_ngen ansible_host=192.168.233.71

 

I am not sure if the problem is on the Ansible core side or our collection, but I will report this to our developers so they can work with Red Hat on that.

Kind Regards
Jim

View solution in original post

3 Replies
Jim_Oqvist
Employee
Employee
‎2020-11-07 01:20 PM
Jump to solution

Hi Mervin,

What I assume is that you have mapped ckp_sms_ngen to an ip address in /etc/hosts.
I noticed that when doing so this causes Ansible httpapi connection plugin to send "X-Forwarded-Host=[]" in the http header, which in turn causes the server to respond with:

Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Sat, 07 Nov 2020 21:00:13 GMT]}
Payload: {
"code" : "generic_err_missing_required_header",
"message" : "Invalid header: [X-Forwarded-Host]"
}

While Ansible should send X-Forwarded-Host=[X.X.X.X:443],

 

You can work around this by adding "ansible_host" to your /etc/ansibe/hosts file.

[firewalls_checkpoint]
ckp_sms_ngen ansible_host=192.168.233.71

 

I am not sure if the problem is on the Ansible core side or our collection, but I will report this to our developers so they can work with Red Hat on that.

Kind Regards
Jim

mervin16
Participant
‎2020-11-08 02:08 AM
In response to Jim_Oqvist
Jump to solution

Thank you so much for helping me. This worked. 

Thank you for checking this issue with Red Hat 🙂

0 Kudos
Jim_Oqvist
Employee
Employee
‎2020-11-09 02:44 AM
In response to Jim_Oqvist
Jump to solution

To update, this only seems to happen when using underscore "_" in the hostname, when using dash "-" will work fine.

PLAY RECAP *************************************************************************************************
chkp-mgmt                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
chkp_sms                   : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events