Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Marcel_M
Contributor
Jump to solution

Check Point Ansible Module in Ansible 2.8 Version with MDS

Hello, we are testing ansible automatisation on our MDS . I used this SK, but I can't find any information how to specify a special CMA Domain: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

My Hosts File looks like this: /etc/ansible/hosts

[checkpoint]
1.1.1.1

[checkpoint:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=api-user
ansible_password=password
ansible_network_os=checkpoint

 

My Ansible runbook lookes like that:

cat create-host2.yml
---
- hosts: checkpoint
connection: httpapi
# domain: "Global"
tasks:
- name: add-host
cp_mgmt_host:
ip_address: "192.0.2.1"
name: "New Host 1"
state: "present"

Does anyone know how to specify a CMA Domani in this Version?

 

In the old Version https://github.com/CheckPointSW/cpAnsible you could do this with the parameter -domain

 

Can anyone help me with that?

 

0 Kudos
1 Solution

Accepted Solutions
alex_barth
Explorer

Hi,

@Arenaos we are using the https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection version 1.0.5 and its working for us.

When using the included collection in Ansible 2.9.7, we are facing the same issue.

View solution in original post

0 Kudos
10 Replies
PhoneBoy
Admin
Admin

Are you using the IP of the domain?

0 Kudos
Marcel_M
Contributor

Hi,

no I used the IP of the MDS (Provider 1).

I want to create one global Object and also another object in a CMA (Domain).

 

0 Kudos
PhoneBoy
Admin
Admin
In the case of a global object, yes, you'd connect to the MDS IP.
For the CMA, you should connect to the specific CMA IP and/or use the parameter "domain X" where X is the CMA name.
0 Kudos
Marcel_M
Contributor
hi,
the domain parameter in the playbook worked fine with the old module: https://github.com/CheckPointSW/cpAnsible

But this parameter is not valid anymore in the new ansible Module: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

which is now in the official ansible mofules: https://docs.ansible.com/ansible/latest/modules/cp_mgmt_host_module.html#cp-mgmt-host-module

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

In the old one it worked fine but not in the new one thats exactly my issue, I am missing this domain parameter in the new one.
And I didn't find any documentation if this has just another name or something else.
0 Kudos
PhoneBoy
Admin
Admin

@Nir_Amara can you comment on this?

0 Kudos
Nir_Amara
Employee Alumnus
Employee Alumnus

Hey,

The Check Point modules are available only from Ansible version 2.9 and above.

To add domain parameter for the official integration modules, add the name of that domain to the "ansible_checkpoint_domain" field under "vars" of your playbook. 

For example:

---
- name: playbook name
  hosts: check_point
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_mgmt_network:
        name: "network name"
        subnet: "4.1.76.0"
        mask_length: 24
        auto_publish_session: true
        
      vars: 
        ansible_checkpoint_domain: "SMC User"

 

Replace "SMC User" with "Global" in the above example to run the task in the Global domain.

 

Let me know if you need further assistance.

0 Kudos
Marcel_M
Contributor
Sounds great thanks for the hint, I will try this.
0 Kudos
Zeke
Explorer

@Nir_Amara that variable "ansible_checkpoint_domain" is not longer valid. I am using Ansible 2.9.7 and is not being taken, seems like Ansible completely ignored that.

I can tell my parameters are fine because if I try the same from Postman the changes are reflected. Can you point me to the right documentation please? 

 

Here is my playbook:

 

- name: example_playbook
  hosts: check_point
  connection: httpapi
  tasks:
    - name: set-service-tcp
      cp_mgmt_service_tcp:
      name: %SERVICE%
      ...
      auto_publish_session: yes

    vars:
      ansible_checkpoint_domain: "%DOMAIN%"

 

 

 

0 Kudos
Arenaos
Explorer

Hi,

@Nir_Amara that variable "ansible_checkpoint_domain" is not longer valid for me as well. Is there any solution to specify a domain ? 

We have 8 domain in our MDS. There is no solution for us at the moment.

 

Regards,

Gary

0 Kudos
alex_barth
Explorer

Hi,

@Arenaos we are using the https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection version 1.0.5 and its working for us.

When using the included collection in Ansible 2.9.7, we are facing the same issue.

0 Kudos
Upcoming Events

    CheckMates Events