This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marcel_M
Contributor
‎2019-12-04 05:15 AM
Jump to solution

Check Point Ansible Module in Ansible 2.8 Version with MDS

Hello, we are testing ansible automatisation on our MDS . I used this SK, but I can't find any information how to specify a special CMA Domain: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

My Hosts File looks like this: /etc/ansible/hosts

[checkpoint]
1.1.1.1

[checkpoint:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=api-user
ansible_password=password
ansible_network_os=checkpoint

 

My Ansible runbook lookes like that:

cat create-host2.yml
---
- hosts: checkpoint
connection: httpapi
# domain: "Global"
tasks:
- name: add-host
cp_mgmt_host:
ip_address: "192.0.2.1"
name: "New Host 1"
state: "present"

Does anyone know how to specify a CMA Domani in this Version?

 

In the old Version https://github.com/CheckPointSW/cpAnsible you could do this with the parameter -domain

 

Can anyone help me with that?

 

0 Kudos
1 Solution

Accepted Solutions
alex_barth
Explorer
‎2020-07-28 12:01 AM
In response to Arenaos
Jump to solution

Hi,

@Arenaos we are using the https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection version 1.0.5 and its working for us.

When using the included collection in Ansible 2.9.7, we are facing the same issue.

View solution in original post

0 Kudos
10 Replies
PhoneBoy
Admin
Admin
‎2019-12-06 06:38 PM
Jump to solution

Are you using the IP of the domain?

0 Kudos
Marcel_M
Contributor
‎2019-12-08 01:34 AM
In response to PhoneBoy
Jump to solution

Hi,

no I used the IP of the MDS (Provider 1).

I want to create one global Object and also another object in a CMA (Domain).

 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-12-09 08:20 AM
In response to Marcel_M
Jump to solution

In the case of a global object, yes, you'd connect to the MDS IP.
For the CMA, you should connect to the specific CMA IP and/or use the parameter "domain X" where X is the CMA name.
0 Kudos
Marcel_M
Contributor
‎2019-12-10 12:06 AM
In response to PhoneBoy
Jump to solution

hi,
the domain parameter in the playbook worked fine with the old module: https://github.com/CheckPointSW/cpAnsible

But this parameter is not valid anymore in the new ansible Module: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

which is now in the official ansible mofules: https://docs.ansible.com/ansible/latest/modules/cp_mgmt_host_module.html#cp-mgmt-host-module

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

In the old one it worked fine but not in the new one thats exactly my issue, I am missing this domain parameter in the new one.
And I didn't find any documentation if this has just another name or something else.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-12-10 02:50 PM
In response to Marcel_M
Jump to solution

@Nir_Amara can you comment on this?

0 Kudos
Nir_Amara
Employee Alumnus
Employee Alumnus
‎2019-12-11 04:05 AM
In response to PhoneBoy
Jump to solution

Hey,

The Check Point modules are available only from Ansible version 2.9 and above.

To add domain parameter for the official integration modules, add the name of that domain to the "ansible_checkpoint_domain" field under "vars" of your playbook. 

For example:

---
- name: playbook name
  hosts: check_point
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_mgmt_network:
        name: "network name"
        subnet: "4.1.76.0"
        mask_length: 24
        auto_publish_session: true
        
      vars: 
        ansible_checkpoint_domain: "SMC User"

 

Replace "SMC User" with "Global" in the above example to run the task in the Global domain.

 

Let me know if you need further assistance.

0 Kudos
Marcel_M
Contributor
‎2019-12-11 06:18 AM
In response to Nir_Amara
Jump to solution

Sounds great thanks for the hint, I will try this.
0 Kudos
Zeke
Explorer
‎2020-06-16 08:35 PM
In response to Nir_Amara
Jump to solution

@Nir_Amara that variable "ansible_checkpoint_domain" is not longer valid. I am using Ansible 2.9.7 and is not being taken, seems like Ansible completely ignored that.

I can tell my parameters are fine because if I try the same from Postman the changes are reflected. Can you point me to the right documentation please? 

 

Here is my playbook:

 

- name: example_playbook
  hosts: check_point
  connection: httpapi
  tasks:
    - name: set-service-tcp
      cp_mgmt_service_tcp:
      name: %SERVICE%
      ...
      auto_publish_session: yes

    vars:
      ansible_checkpoint_domain: "%DOMAIN%"

 

 

 

0 Kudos
Arenaos
Explorer
‎2020-06-30 12:54 AM
In response to Zeke
Jump to solution

Hi,

@Nir_Amara that variable "ansible_checkpoint_domain" is not longer valid for me as well. Is there any solution to specify a domain ? 

We have 8 domain in our MDS. There is no solution for us at the moment.

 

Regards,

Gary

0 Kudos
alex_barth
Explorer
‎2020-07-28 12:01 AM
In response to Arenaos
Jump to solution

Hi,

@Arenaos we are using the https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection version 1.0.5 and its working for us.

When using the included collection in Ansible 2.9.7, we are facing the same issue.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events