This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Simon_Andersso1
Participant
‎2018-06-18 05:59 AM
Jump to solution

[Ansible] Unable to obtain sid

I'm trying to write a simple ansible play, containing only a login and a logout task, by following the instructions found here: https://github.com/CheckPointSW/cpAnsible .

My playbook looks like this:

---
- hosts: "firewalls"
  tasks:
  - name: "login"
    check_point_mgmt:
      command: login
      parameters:
        username: "{{mgmt_user}}"
        password: "{{mgmt_password}}"
        management: "{{mgmt_server}}"
      fingerprint: "{{mgmt_fingerprint}}"
    register: login_response

  - name: "logout"
    check_point_mgmt:
      command: logout
      session-data: "{{login_response}}"

The login goes ok, but the logout task fails with the following error:

fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Command 'logout None' failed with error message: Missing header: [X-chkp-sid]. All changes are discarded and the session is invalidated."}

It appears I am unable to obtain a session-id, but I have no idea of how to resolve this.

1 Solution

Accepted Solutions
Robert_Decker
Advisor
‎2018-06-18 06:41 AM
In response to Simon_Andersso1
Jump to solution

have you configured your management API server to accept connections from remote machines?

View solution in original post

0 Kudos
8 Replies
Robert_Decker
Advisor
‎2018-06-18 06:14 AM
Jump to solution

Do you have any indication that login command was successful?

session-data holds the session-id inside.

robert.

0 Kudos
Simon_Andersso1
Participant
‎2018-06-18 06:31 AM
In response to Robert_Decker
Jump to solution

To be honest, I'm not sure. When running the playbook with the --verbose flag the login task shows ok but sid shows "null".

Here is my full output:

PLAY [firewalls] ********************************************************************

TASK [Gathering Facts] **************************************************************
ok: [127.0.0.1]

TASK [login] ************************************************************************
ok: [127.0.0.1] => {"changed": false, "response": {"domain": null, "fingerprint": "002451E2D9743CDACC8F7178761FAE4C017AB039", "sid": null, "url": "10.99.81.101:443"}}

TASK [logout] ***********************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Command 'logout None' failed with error message: Missing header: [X-chkp-sid]. All changes are discarded and the session is invalidated."}
        to retry, use: --limit @/home/simand/ansible_platform/cp_test.retry

PLAY RECAP **************************************************************************
127.0.0.1                  : ok=2    changed=0    unreachable=0    failed=1

0 Kudos
Robert_Decker
Advisor
‎2018-06-18 06:41 AM
In response to Simon_Andersso1
Jump to solution

have you configured your management API server to accept connections from remote machines?

0 Kudos
Simon_Andersso1
Participant
‎2018-06-18 06:47 AM
In response to Robert_Decker
Jump to solution

I feel so stupid now. I had completely missed that step in the tutorial. Thank you.

Tribhawan_Singh
Contributor
‎2018-12-10 06:39 PM
Jump to solution

Hello Dameon Welch-Abernathy‌ and other folks,

I need your help to fix 1 issue .
While executing your given script in my test environment i am getting below error:
TASK [Add CheckMatesDemo group] ****************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Command 'add-group {u'name': u'CheckMatesDemo'}'
failed with error message: Missing header: [X-chkp-sid]. All changes are discarded and the session is invalidated."}
to retry, use: --limit @/etc/ansible/cp2.retry

I am trying to execute CheckMates_AddHost.yml

FYI: API is enable on the MGMT server for all IP addresses but don't know why SID is coming as null.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-12-10 09:17 PM
In response to Tribhawan_Singh
Jump to solution

Which "given script" are you discussing?

I recommend posting the question on the relevant thread where the script was shared with more details about how exactly you are invoking it.

In general, you have to "login" to the API, which will generate a session ID.

That session ID would be passed via a X-chkp-sid on subsequent calls to the API.

My guess is in the ansible playbook you called, you forgot the login action.

But, like I said, I recommend continuing the discussion on the relevant thread.

Tribhawan_Singh
Contributor
‎2018-12-11 04:37 AM
Jump to solution

Thanks for the reply Dameon Welch-Abernathy

There was some permission issue. post correction that everything worked as expected.

James_Le
Explorer
‎2019-04-29 05:59 PM
In response to Tribhawan_Singh
Jump to solution

Hello, I'm getting the same error message and I've tried many things but doesn't work. Do you mind elaborating what you did to resolve your issues? Thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top