Solved: Re: Check Point Ansible Module in Ansible 2.8 Vers...

Marcel_M · ‎2019-12-04

Hello, we are testing ansible automatisation on our MDS . I used this SK, but I can't find any information how to specify a special CMA Domain: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

My Hosts File looks like this: /etc/ansible/hosts

[checkpoint]
1.1.1.1

[checkpoint:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=api-user
ansible_password=password
ansible_network_os=checkpoint

My Ansible runbook lookes like that:

cat create-host2.yml
---
- hosts: checkpoint
connection: httpapi
# domain: "Global"
tasks:
- name: add-host
cp_mgmt_host:
ip_address: "192.0.2.1"
name: "New Host 1"
state: "present"

Does anyone know how to specify a CMA Domani in this Version?

In the old Version https://github.com/CheckPointSW/cpAnsible you could do this with the parameter -domain

Can anyone help me with that?

alex_barth · ‎2020-07-28

Hi,

@Arenaos we are using the https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection version 1.0.5 and its working for us.

When using the included collection in Ansible 2.9.7, we are facing the same issue.

View solution in original post

PhoneBoy · ‎2019-12-06

Are you using the IP of the domain?

Marcel_M · ‎2019-12-08

Hi,

no I used the IP of the MDS (Provider 1).

I want to create one global Object and also another object in a CMA (Domain).

PhoneBoy · ‎2019-12-09

In the case of a global object, yes, you'd connect to the MDS IP.
For the CMA, you should connect to the specific CMA IP and/or use the parameter "domain X" where X is the CMA name.

Marcel_M · ‎2019-12-10

hi,
the domain parameter in the playbook worked fine with the old module: https://github.com/CheckPointSW/cpAnsible

But this parameter is not valid anymore in the new ansible Module: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

which is now in the official ansible mofules: https://docs.ansible.com/ansible/latest/modules/cp_mgmt_host_module.html#cp-mgmt-host-module

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

In the old one it worked fine but not in the new one thats exactly my issue, I am missing this domain parameter in the new one.
And I didn't find any documentation if this has just another name or something else.

PhoneBoy · ‎2019-12-10

@Nir_Amara can you comment on this?

Nir_Amara · ‎2019-12-11

Hey,

The Check Point modules are available only from Ansible version 2.9 and above.

To add domain parameter for the official integration modules, add the name of that domain to the "ansible_checkpoint_domain" field under "vars" of your playbook.

For example:

---
- name: playbook name
  hosts: check_point
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_mgmt_network:
        name: "network name"
        subnet: "4.1.76.0"
        mask_length: 24
        auto_publish_session: true
        
      vars: 
        ansible_checkpoint_domain: "SMC User"

Replace "SMC User" with "Global" in the above example to run the task in the Global domain.

Let me know if you need further assistance.

Marcel_M · ‎2019-12-11

Sounds great thanks for the hint, I will try this.

Zeke · ‎2020-06-16

@Nir_Amara that variable "ansible_checkpoint_domain" is not longer valid. I am using Ansible 2.9.7 and is not being taken, seems like Ansible completely ignored that.

I can tell my parameters are fine because if I try the same from Postman the changes are reflected. Can you point me to the right documentation please?

Here is my playbook:

- name: example_playbook
  hosts: check_point
  connection: httpapi
  tasks:
    - name: set-service-tcp
      cp_mgmt_service_tcp:
      name: %SERVICE%
      ...
      auto_publish_session: yes

    vars:
      ansible_checkpoint_domain: "%DOMAIN%"

Arenaos · ‎2020-06-30

Hi,

@Nir_Amara that variable "ansible_checkpoint_domain" is not longer valid for me as well. Is there any solution to specify a domain ?

We have 8 domain in our MDS. There is no solution for us at the moment.

Regards,

Gary

alex_barth · ‎2020-07-28

Hi,

@Arenaos we are using the https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection version 1.0.5 and its working for us.

When using the included collection in Ansible 2.9.7, we are facing the same issue.

Are you a member of CheckMates?

Check Point Ansible Module in Ansible 2.8 Version with MDS