- CheckMates
- :
- Products
- :
- Developers
- :
- Ansible
- :
- Re: Ansible - How to check if a group exist. If it...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ansible - How to check if a group exist. If it exist, then create Host Objects to that group
How do I check if a Group Exists in a domain using Ansible, and if it exists add a host to the group, if it doesn't exist, create a new group and then add a host to that Group.
playbook.yml
---
- hosts: check_point
connection: httpapi
gather_facts: False
vars_files:
- 'my_var.yml'
- 'login.yml'
tasks:
- name: add-host-if-group-exist
check_point.mgmt.cp_mgmt_host:
name: Host1
ip_address: 10.1.2.3
comments: 'FWP'
state: present
groups: groupTest
auto_publish_session: yes
delegate_to: Global
- name: add-group-if-group-doesn't exist-and-create-host
check_point.mgmt.cp_mgmt_host:
name: groupTest
state: present
members: Host1
auto_publish_session: yes
delegate_to: Global
# let's check if the group exists, if it doesn't create a new group and add a host. If a group exists add new host to that group
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm by no means an expert in Ansible.
But I assume you could execute check_point.mgmt.cp_mgmt_group_facts and either add to the existing group or create the group based on the result.
Tagging @Or_Soffer in case he has a more precise idea.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, can I get a working code example?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seems like you'd use fail in the playbook.
But you should check the group first, then create the host object.
My guess is you'd have a task like the following before your create host task:
- name: check-if-group-exists-if-not-create
check_point.mgmt.cp_mgmt_group_facts
name: groupTest
- fail:
check_point.mgmt.cp_mgmt_host:
name: groupTest
state: present
members: Host1
auto_publish_session: yes
delegate_to: Global
However: I have not tested this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I ran the sample code. I get a console error message
---
- name: Global Objects
hosts: Global
connection: httpapi
gather_facts: False
vars_files:
- 'credentials/my_var.yml'
- 'credentials/login.yml'
tasks:
- name: check-if-group-exists-if-not-create
check_point.mgmt.cp_mgmt_group_facts:
name: gTest1A
- name: fail
fail:
check_point.mgmt.cp_mgmt_host:
name: Host1
state: present
#members: Host1
auto_publish_session: yes
#delegate_to: Global
Error Message
TASK [fail] ********************************************************************************************************************************************************************************
fatal: [Global]: FAILED! => {"changed": false, "msg": "Invalid options for fail: check_point.mgmt.cp_mgmt_host"}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The fail should be associated with checking the existence of the group, which it's not in your code sample.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you can't use Ansible according to it's philosophy due to your environment, it might be easier to find a better tool for the job.
via https://www.ansible.com/blog/ansible-best-practices-essentials:
> Ansible is a desired state engine by design. If you’re trying to “write code” in your plays and roles, you’re setting yourself up for failure. Our YAML-based playbooks were never meant to be for programming.
Check out our Check Point API Python Development Kit and API documentation instead. A short Python script might cover all your cases and give you quick results.
![](/skins/images/74119E49EB1AA30407316FFB9151D237/responsive_peak/images/icon_anonymous_message.png)