ukohae
Contributor

Ansible - How to check if a group exists. If it exists, then create Host Objects to that group

How do I check if a Group Exists in a domain using Ansible, and if it exists add a host to the group, if it doesn't exist, create a new group and then add a host to that Group.
playbook.yml

---
- hosts: check_point
  connection: httpapi
  gather_facts: False
  vars_files:
    - 'my_var.yml'
    - 'login.yml'

  tasks:
    - name: add-host-if-group-exist
      check_point.mgmt.cp_mgmt_host:
        name: Host1
        ip_address: 10.1.2.3
        comments: 'FWP'
        state: present
        groups: groupTest
        auto_publish_session: yes
      delegate_to: Global

    - name: add-group-if-group-doesn't exist-and-create-host
      # members is a cp_mgmt_group parameter; cp_mgmt_host does not accept it
      check_point.mgmt.cp_mgmt_group:
        name: groupTest
        state: present
        members: Host1
        auto_publish_session: yes
      delegate_to: Global

# let's check if the group exists, if it doesn't create a new group and add a host. If a group exists add new host to that group

 

 

6 Replies
PhoneBoy
Admin

I'm by no means an expert in Ansible.
But I assume you could execute check_point.mgmt.cp_mgmt_group_facts and either add to the existing group or create the group based on the result.
Tagging @Or_Soffer in case he has a more precise idea.

ukohae
Contributor

Hi, can I get a working code example?

PhoneBoy
Admin

Seems like you'd use fail in the playbook.
But you should check the group first, then create the host object.
My guess is you'd have a task like the following before your create host task:

   - name: check-if-group-exists-if-not-create
     check_point.mgmt.cp_mgmt_group_facts:
       name: groupTest
   - fail:
       check_point.mgmt.cp_mgmt_host:
         name: groupTest
         state: present
         members: Host1
         auto_publish_session: yes
       delegate_to: Global

 However: I have not tested this.

 

ukohae
Contributor

I ran the sample code. I get a console error message

 

---
- name: Global Objects
  hosts: Global
  connection: httpapi
  gather_facts: False
  vars_files:
    - 'credentials/my_var.yml'
    - 'credentials/login.yml'

  tasks:
  - name: check-if-group-exists-if-not-create
    check_point.mgmt.cp_mgmt_group_facts:
      name: gTest1A

  - name: fail
    fail:
      check_point.mgmt.cp_mgmt_host:
        name: Host1
        state: present
        #members: Host1
        auto_publish_session: yes
      #delegate_to: Global

 

 

Error Message

 

TASK [fail] ********************************************************************************************************************************************************************************
fatal: [Global]: FAILED! => {"changed": false, "msg": "Invalid options for fail: check_point.mgmt.cp_mgmt_host"}

 

@PhoneBoy @Jonas_Rosenboom 

 

PhoneBoy
Admin

The fail should be associated with checking the existence of the group, which it's not in your code sample.

Jonas_Rosenboom
Employee

If you can't use Ansible according to its philosophy due to your environment, it might be easier to find a better tool for the job.

via https://www.ansible.com/blog/ansible-best-practices-essentials

> Ansible is a desired state engine by design. If you’re trying to “write code” in your plays and roles, you’re setting yourself up for failure. Our YAML-based playbooks were never meant to be for programming.

Check out our Check Point API Python Development Kit and API documentation instead. A short Python script might cover all your cases and give you quick results.
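
A desired-state version of what the thread asks for, as an added example that is not from any of the participants above: `state: present` creates the group only when it is missing, so no existence check or `fail` task is needed. It assumes the `check_point` inventory group and httpapi credentials from the question, and that `cp_mgmt_host_facts` returns the object under `ansible_facts.host` with a `name` on each `groups` entry.

```yaml
---
# Added example; inventory group, object names and IP are taken from the question.
- name: Ensure groupTest exists and Host1 is a member
  hosts: check_point
  connection: httpapi
  gather_facts: false
  vars:
    target_group: groupTest
    target_host: Host1
  tasks:
    # state: present is idempotent: the group is created only when it is
    # missing, so no separate "does it exist" branch is needed.
    - name: Ensure the group exists
      check_point.mgmt.cp_mgmt_group:
        name: "{{ target_group }}"
        state: present
        auto_publish_session: true

    # Membership is declared on the host; an existing host is updated in place.
    - name: Ensure the host exists and belongs to the group
      check_point.mgmt.cp_mgmt_host:
        name: "{{ target_host }}"
        ip_address: 10.1.2.3
        comments: FWP
        groups:
          - "{{ target_group }}"
        state: present
        auto_publish_session: true

    # Read back the published object instead of trusting the task status.
    - name: Read the host back
      check_point.mgmt.cp_mgmt_host_facts:
        name: "{{ target_host }}"
      register: host_lookup

    # Assumption: facts are returned under ansible_facts.host and each entry
    # in groups carries a name field.
    - name: Verify group membership
      ansible.builtin.assert:
        that:
          - target_group in (host_lookup.ansible_facts.host.groups | map(attribute='name') | list)
        fail_msg: "{{ target_host }} is not a member of {{ target_group }}"
```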
