This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Cegeka_Networki
Participant
‎2020-04-16 03:10 AM

Ansible - getting info from multiple domains from provider

 

Hello all

I'm facing the following issue and I can't seem to find a way to fix it.

I'm trying to get an overview of all vpn's created on our check point platform.

I'm doing this by executing the following task in my playbook on 2 hosts in my inventory:

 

Task:

- name: show-vpn-communities-star on chosen firewall
    cp_mgmt_vpn_community_star_facts:
     details_level: full
   register: existing_star_vpns_on_fw

 

Inventory:

Aveve ansible_host=10.248.0.254 ansible_checkpoint_domain=Aveve
Renewi ansible_host=10.248.0.254 ansible_checkpoint_domain=Renewi

 

Running this playbook from AWX and debugging the registered variable: existing_star_vpns_on_fw gives me the same output twice (once for each host it was run on):

 

 

TASK [show-vpn-communities-star on chosen firewall] ****************************
ok: [Aveve]
[


ok: [Renewi]
[

TASK [debug] *******************************************************************
ok: [Aveve] =>
"msg": "VPN name: S2S-CI00060823-Actemium, peer ip: x.x.x.x"
}
[


ok: [Aveve] =>
"msg": "VPN name: test-vpn, peer ip: 1.1.1.1"
}
[
ok: [Renewi] =>
"msg": "VPN name: S2S-CI00060823-Actemium, peer ip: x.x.x.x"
}
[

ok: [Renewi] =>
"msg": "VPN name: test-vpn, peer ip: 1.1.1.1"
}
[

 

The output I'm getting are only the vpn's on Aveve. It almost seems that Ansible can't handle registered variables on multiple domains on 1 ansible host: 10.248.0.254. Does anyone have an idea how to prevent this?
Executing the same playbook on just 1 domain works perfectly.

 

Complete playbook:

 

- name: Check vpn's on Check Point platform
connection: httpapi
hosts: Aveve,Renewi
gather_facts: no

tasks:

- name: Setting password for NSAutomation user as fact
set_fact:
ansible_password: "{{ NSAutomation_pass }}"

- name: show-vpn-communities-star on chosen firewall
cp_mgmt_vpn_community_star_facts:
details_level: full
register: existing_star_vpns_on_fw

- debug:
msg: "VPN name: {{ item.name }}, peer ip: {{ item['satellite-gateways'][0]['ipv4-address'] }}"
loop: "{{ existing_star_vpns_on_fw.ansible_facts['vpn-communities-star'].objects }}"

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-04-18 02:28 PM

I assume you're talking about a Multi-Domain environment here.
Shouldn't you use the CMA IP for each domain here?
Cegeka_Networki
Participant
‎2020-04-22 01:35 AM
In response to PhoneBoy

I indeed decided to send my requests to the CMA's directly rather than the provider seeing as a register task is always saved on the host ip.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-22 10:05 AM
In response to Cegeka_Networki

You list the same IP for both domains...so I'm confused.
0 Kudos
IdentityUnknown
Contributor
‎2020-04-25 03:59 AM

Hi,

Normally you would run your playbook in a MDM scenario against your mgmt-ip and the domain will be a variable.

- name: Check vpn's on Check Point platform
connection: httpapi
hosts: MGMT-IP
gather_facts: no
vars: 
  ansible_checkpoint_domain: "Domain 1"

 

 It think you have to use the  module cp_mgmt_mds_facts to get all domains and create a list of domains to loop your task through all domains (https://docs.ansible.com/ansible/latest/modules/cp_mgmt_mds_facts_module.html#cp-mgmt-mds-facts-modu...)

 

 

0 Kudos
Upcoming Events

    CheckMates Events