This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ukohae
Contributor
‎2021-04-23 04:58 AM

Ansible - How to check if a group exist. If it exist, then create Host Objects to that group

How do I check if a Group Exists in a domain using Ansible, and if it exists add a host to the group, if it doesn't exist, create a new group and then add a host to that Group.
 
playbook.yml

 

---
- hosts: check_point
  connection: httpapi
  gather_facts: False
  vars_files:
    - 'my_var.yml'
    - 'login.yml'
   
   tasks:
   - name: add-host-if-group-exist
     check_point.mgmt.cp_mgmt_host:
       name: Host1
       ip_address: 10.1.2.3
       comments: 'FWP'
       state: present
       groups: groupTest
       auto_publish_session: yes
     delegate_to: Global

   - name: add-group-if-group-doesn't exist-and-create-host
     check_point.mgmt.cp_mgmt_host:
       name: groupTest
       state: present
       members: Host1
       auto_publish_session: yes
     delegate_to: Global

# let's check if the group exists, if it doesn't create a new group and add a host. If a group exists add new host to that group

 

 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2021-04-25 09:23 PM

I'm by no means an expert in Ansible.
But I assume you could execute check_point.mgmt.cp_mgmt_group_facts and either add to the existing group or create the group based on the result.
Tagging @Or_Soffer in case he has a more precise idea.

0 Kudos
ukohae
Contributor
‎2021-04-26 09:18 PM
In response to PhoneBoy

Hi, can I get a working code example?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-26 09:33 PM
In response to ukohae

Seems like you'd use fail in the playbook.
But you should check the group first, then create the host object.
My guess is you'd have a task like the following before your create host task:

   - name: check-if-group-exists-if-not-create
     check_point.mgmt.cp_mgmt_group_facts
       name: groupTest
   - fail:
       check_point.mgmt.cp_mgmt_host:
         name: groupTest
         state: present
         members: Host1
         auto_publish_session: yes
       delegate_to: Global

 However: I have not tested this.

 

0 Kudos
ukohae
Contributor
‎2021-04-27 06:46 AM
In response to PhoneBoy

I ran the sample code. I get a console error message

 

---
- name: Global Objects
  hosts: Global
  connection: httpapi
  gather_facts: False
  vars_files:
    - 'credentials/my_var.yml'
    - 'credentials/login.yml'

  tasks:
  - name: check-if-group-exists-if-not-create
    check_point.mgmt.cp_mgmt_group_facts:
      name: gTest1A

  - name: fail
    fail:
      check_point.mgmt.cp_mgmt_host:
        name: Host1
        state: present
        #members: Host1
        auto_publish_session: yes
      #delegate_to: Global

 

 

Error Message

 

TASK [fail] ********************************************************************************************************************************************************************************
fatal: [Global]: FAILED! => {"changed": false, "msg": "Invalid options for fail: check_point.mgmt.cp_mgmt_host"}

 

@PhoneBoy @Jonas_Rosenboom 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-27 08:15 AM
In response to ukohae

The fail should be associated with checking the existence of the group, which it's not in your code sample.

0 Kudos
Jonas_Rosenboom
Employee
Employee
‎2021-04-27 08:47 AM
In response to ukohae

If you can't use Ansible according to it's philosophy due to your environment, it might be easier to find a better tool for the job.

via https://www.ansible.com/blog/ansible-best-practices-essentials

> Ansible is a desired state engine by design. If you’re trying to “write code” in your plays and roles, you’re setting yourself up for failure. Our YAML-based playbooks were never meant to be for programming.

Check out our Check Point API Python Development Kit and API documentation instead. A short Python script might cover all your cases and give you quick results.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events