Hello everybody,
I need some answers/clarifications as to how possible works with Check Point. Obviously it is based on the functioning of the API, and about this there is a web page, "Management API Reference".
Ansible modules are divided into two large families that can be consulted on the respective Ansible Galaxy web pages: the Check Point Ansible Mgmt Collection (mgmt plugin), with which I can automate only some operations, and the same thing for the Check Point Ansible Gaia collection (gaia plugin).
These two starting modules have in turn a series of playbooks for the operations/automations that are now possible and supported.
Did I get it right?
I thank in advance all those who will answer me and clarify any doubts.
There are Ansible modules that correspond to the Management API and Gaia API, yes.
Due to the way Ansible works, only a subset of operations available from the APIs are available in Ansible.
mgmt_cli, Web Services, SmartConsole CLI, and Gaia CLI are ways to leverage the API and are not relevant to Ansible.
Thanks for the response!
Only one thing is not clear to me: what do you mean by
"Due to the way Ansible works, only a subset of operations available from the APIs are available in Ansible."
If I understand correctly, I can only use one of the two ways, either Ansible for mgmt or Ansible for Gaia (I enclose a screenshot).
Thanks
The Management API and Gaia API are used for different tasks.
Depending on what you are trying to do, you may use one or both.
Ansible only allows you to describe the desired end state of the configuration of the overall system.
Ansible then calls the native Check Point APIs in the appropriate order to achieve the desired configuration.
The native API calls allow you to prescribe the exact steps needed to achieve a desired configuration.
However, you must know the precise order to call the APIs to achieve the desired configuration.
The APIs do allow for things that cannot be described in the Ansible framework.
I hope that makes sense.
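The contrast drawn in the reply above, as an added example that is not part of the original thread and is not Check Point's or Ansible's own code: a declared end state for host objects is reconciled into the ordered Management API commands (`login`, then `add-host`/`set-host`/`delete-host`, then `publish`, then `logout`). The function names, the server name and the sample hosts are constructed assumptions, and nothing is sent over the network.

```python
# Added example (not Check Point or Ansible code): reconcile a declared end
# state for host objects into the ordered Management API commands.
# Nothing is sent over the network; requests are only built as dicts.

def plan_calls(desired, current):
    """desired: name -> IP, or None for 'absent'. current: name -> IP.
    Objects not named in `desired` are left untouched."""
    changes = []
    for name, ip in sorted(desired.items()):
        if ip is None:
            if name in current:
                changes.append(("delete-host", {"name": name}))
        elif name not in current:
            changes.append(("add-host", {"name": name, "ip-address": ip}))
        elif current[name] != ip:
            changes.append(("set-host", {"name": name, "ip-address": ip}))
    if not changes:
        return []  # already in the desired state: no session is opened
    # Order matters: authenticate, change, publish to commit the session,
    # then log out so the session does not stay open.
    # Login credentials are supplied by the caller, never hard-coded here.
    return [("login", {})] + changes + [("publish", {}), ("logout", {})]

def to_request(server, command, payload, sid=None):
    """Build the HTTPS request for one command (POST /web_api/<command>)."""
    headers = {"Content-Type": "application/json"}
    if command != "login":
        if not sid:
            raise ValueError(f"{command} needs the session id returned by login")
        headers["X-chkp-sid"] = sid
    return {"method": "POST", "url": f"https://{server}/web_api/{command}",
            "headers": headers, "json": payload}

# Constructed sample data (hypothetical names and addresses).
DESIRED = {"web01": "10.0.0.10", "db01": "10.0.0.21", "old01": None}
CURRENT = {"db01": "10.0.0.20", "old01": "10.0.0.99", "other": "10.0.0.5"}

if __name__ == "__main__":
    for command, payload in plan_calls(DESIRED, CURRENT):
        req = to_request("mgmt.example.com", command, payload, sid="<sid-from-login>")
        print(req["url"], payload)
```

Running the plan a second time against the resulting state returns an empty list, which is the idempotent behaviour a declarative tool gives you and a hand-written call sequence has to implement itself.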
I thank you for your availability and for having clarified my doubts!
Unfortunately, I am not a Network DevOps and, having no experience in this regard, I am trying to learn.
I ask you one last thing: seeing the Ansible playbooks available to date for Check Point on the respective links (mgmt and gaia), at first glance it does NOT seem possible to completely automate with Ansible the initial configuration of a physical infrastructure composed of GW clusters and SMART-1 clusters; however, it seems to me that automation of operation-oriented tasks can be implemented very well.
Best Regards
Right, the APIs in question (and thus the Ansible modules and playbooks) focus on the day-to-day operations, not the initial installation/configuration.
For virtual gateway instances, we can do some automated deployment of gateways using the various mechanisms provided by the cloud.
For physical gateways, there are ways to automate the deployment (blink images, CDT, etc.) but not via Ansible.
The initial deployment of management can be partially automated like gateways, but the need to deploy management in an automated fashion is typically far less.