Will_H
Contributor

Ansible playbooks won't run outside of specific directory

Hi, I'm trying to solve this Ansible playbook issue

If my playbooks are in this directory /usr/lib/python2.7/site-packages/ansible/modules/extras

the playbooks run fine.

When using Tower, it puts them in its own folder which is /var/lib/aws/projects/<dynamic>/whatever.yml

and I get the following message (both in Tower and when I run locally like below)

I have tried multiple things to try to straighten this out.

Any suggestions?

0 Kudos
7 Replies
PhoneBoy
Admin

The error message is telling you what the issue is: namely, that when you issue the login message to the Check Point management server, the fingerprint of the server is not trusted.

You can configure this as part of the login action.

For example, in this playbook quoted here: cpAnsible installation on Ubuntu 16.04, you see the following:

- hosts: "localhost"
  tasks:
  - name: "login"
    check_point_mgmt:
      command: login
      parameters:
        username: "{{mgmt_user}}"
        password: "{{mgmt_password}}"
        management: "{{mgmt_server}}"
      fingerprint: "FA:5A:A6:AC:93:D0:BD:69:9E:E1:72:05:1D:73:24:70:29:17:37:C1"
    register: login_response

The CLI command api fingerprint from the management will give you the SHA1 hash you need to add for your management server.

0 Kudos
Will_H
Contributor

I am doing the following..

---
- hosts: "localhost"
  tasks:
  - name: "login"
    check_point_mgmt:
      command: login
      parameters:
        username: "{{mgmt_user}}"
        password: "{{mgmt_password}}"
        management: "{{mgmt_server}}"
        domain: "{{mgmt_domain}}"
        # fingerprint nested under parameters, as described later in the thread
        fingerprint: "{{mgmt_finger_Print}}"
    register: login_response
  - name: "logout"
    check_point_mgmt:
      command: logout
      session-data: '{{login_response}}'

0 Kudos
PhoneBoy
Admin

Ryan Darst‌, any idea?

0 Kudos
Lari_Luoma
Ambassador

Have you defined your library path correctly in /etc/ansible/ansible.cfg?

0 Kudos
Ofir_Shikolski
Employee Alumnus

I haven't used Tower for a very long time, and I don't remember having issues with it besides the license limitation of the free version.

Try this one :)

- name: "Gather API Fingerprint from the Management Server"
  # shell rather than command: the command module does not interpret the "|" pipe
  shell: "/opt/CPsuite-R80/fw1/bin/api fingerprint | grep SHA1"
  register: api_fingerprint_raw

- name: "Register the output for only the SHA1 fingerprint"
  set_fact:
    api_fingerprint: "{{ api_fingerprint_raw.stdout.split(' ')[1] }}"

- name: Debug Output
  debug:
    msg: "Output for API SHA1 {{ api_fingerprint }}"

- name: "login"
  check_point_mgmt:
    command: login
    parameters:
      username: "admin"
      password: "vpn123"
      management: "{{ target }}"
      domain: "{{ domain_server }}"
    fingerprint: "{{ api_fingerprint }}"
  register: login_response

0 Kudos
Will_H
Contributor

After I fixed my indentation it worked. I had fingerprint: lined up with the parameters section. So it's not just for looks?

0 Kudos
PhoneBoy
Admin

Correct, it's not just for looks.

Indents matter. :)
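
Added example (not part of the thread and not cpAnsible code): a small Python check that flags a check_point_mgmt task whose fingerprint key is indented under parameters instead of beside it, the misplacement resolved above. The function name, the mgmt_fingerprint variable and the sample playbook are constructed for illustration; it is a line-based heuristic, not a YAML parser.

```python
import re

# Leading whitespace plus an optional "- " list marker, then a mapping key.
KEY = re.compile(r"^(\s*(?:-\s+)?)([\w-]+)\s*:")

def misplaced_fingerprints(playbook_text):
    """Return line numbers where `fingerprint:` is nested under `parameters:`
    of a check_point_mgmt task instead of sitting beside it."""
    findings = []
    module_indent = None  # column of the current `check_point_mgmt:` key
    params_indent = None  # column of its `parameters:` key while that mapping is open
    for lineno, line in enumerate(playbook_text.splitlines(), start=1):
        m = KEY.match(line)
        if not m:
            continue  # blank line, comment, or continuation of a value
        indent, key = len(m.group(1)), m.group(2)
        if module_indent is not None and indent <= module_indent:
            module_indent = params_indent = None  # left the module's arguments
        if key == "check_point_mgmt":
            module_indent, params_indent = indent, None
        elif module_indent is not None:
            if params_indent is not None and indent <= params_indent:
                params_indent = None  # a sibling key closes the parameters mapping
            if key == "parameters" and params_indent is None:
                params_indent = indent
            elif key == "fingerprint" and params_indent is not None:
                findings.append(lineno)  # deeper than parameters: nested under it
    return findings

# Constructed sample: fingerprint indented two spaces too far.
BROKEN = """\
- hosts: "localhost"
  tasks:
  - name: "login"
    check_point_mgmt:
      command: login
      parameters:
        username: "{{mgmt_user}}"
        password: "{{mgmt_password}}"
        management: "{{mgmt_server}}"
        fingerprint: "{{mgmt_fingerprint}}"
    register: login_response
"""
# Same playbook with fingerprint moved out to the level of command/parameters.
FIXED = BROKEN.replace("        fingerprint", "      fingerprint")

if __name__ == "__main__":
    print("broken:", misplaced_fingerprints(BROKEN))
    print("fixed: ", misplaced_fingerprints(FIXED))
```

Running it over a project checkout before a Tower job is a cheap way to catch a pinned fingerprint that YAML has silently filed under the login parameters.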
