This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ukohae
Contributor
‎2021-01-21 08:19 AM

Checkpoint using Ansible - Error Message

Hello,

I am trying to use Ansible to communicate with a device on SmartConsole checkpoint. 

Question: How can I effectively communicate(authenticate) with Checkpoint devices?

I am using R80.40

hosts 

-------------------------------------------------------------------------------------------------------------------------------------

[checkpoint]

10.31.30.121

[checkpoint:vars]

ansible_httpapi_validate_certs=False

ansible_httpapi_use_ssl=True

ansible_network_os=checkpoint

policy_name=Standard

mgmt_server=#mgmt_serper_IP

ansible_python_interpreter=/usr/bin/python3

ansbile_user=#Checkpoint Username

ansible_password=#Checkpoint Password

 

-------------------------------------------------------------------------------------------------------------------------------------

cp_mgmt_host.yml

---

- hosts: checkpoint

  connection: httpapi

  tasks:

     - name: Create host object

        cp_mgmt_host:

             color: dark green

             ipv4_address: 192.0.2.2

             name: New CP_MGMT Host 1

             state: present

             auto_publish_session: true

 

---------------------------------------------------------------------------------------------------------------------------------

                                                                           Error Message 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

$ansible-playbook cp_mgmt_host.yml

 

PLAY [checkpoint] ***********************************************************************************************************************

 

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [10.31.30.121]

 

TASK [Create host object] ***********************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'
fatal: [10.31.3.130]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/user/.ansible/tmp/ansible-local-26357sRCDQE/ansible-tmp-1611243679.24-26455-18666920100150/AnsiballZ_cp_mgmt_host.py\", line 102, in <module>\n _ansiballz_main()\n File \"/home/user/.ansible/tmp/ansible-local-26357sRCDQE/ansible-tmp-1611243679.24-26455-18666920100150/AnsiballZ_cp_mgmt_host.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/user/.ansible/tmp/ansible-local-26357sRCDQE/ansible-tmp-1611243679.24-26455-18666920100150/AnsiballZ_cp_mgmt_host.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 333, in <module>\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 328, in main\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 201, in api_call\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

 

PLAY RECAP ***********************************************************************************************************************
10.31.3.130 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

0 Kudos
7 Replies
funkylicious
Advisor
‎2021-01-21 08:40 AM

Have a look at the JHF installed on the SMS https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

ukohae
Contributor
‎2021-01-21 09:29 AM
In response to funkylicious

Hi,

 

My version of SmartConsole is R80.40. When I try to install collection management, it doesn't install. If the ansible collection mgmt is installed could it fix the bug?

0 Kudos
Art_Zalenekas
Employee
Employee
‎2021-01-21 01:20 PM
In response to ukohae

Two things:

  • Install CHKP Management Collection (and overwrite if present)
    • $ ansible-galaxy collection install check_point.mgmt --force
  • Your ansible_network_os in the inventory is using the built-in checkpoint modules of Ansible. You need to force to use the modules from the collection that you installed
    • ansible_network_os=check_point.mgmt.checkpoint

Then in the playbook, the Ansible module is referred to check_point.mgmt.MODULE
See: https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/ and look for modules starting cp_mgmt

Let us know if you have any other questions.

ukohae
Contributor
‎2021-01-21 04:40 PM
In response to Art_Zalenekas

When I try to install Ansible Collection on my office machine. I keep getting an error message

" Error! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>

Art_Zalenekas
Employee
Employee
‎2021-01-21 05:36 PM
In response to ukohae

So that is something completely else. It seems like you have HTTPS Interception (SSL Decryption) going outbound or just don't have the CA certificates installed. So install your TLS/SSL Interceptors CA on that machine, or you can execute the ansible-galaxy with --ignore-certs

$ ansible-galaxy collection install check_point.mgmt --force --ignore-certs

Make sure you have ca-certificates is installed, according to your Linux Distro (this is for Debian based systems) which will install common CA certificates.

ukohae
Contributor
‎2021-01-21 06:36 PM
In response to Art_Zalenekas

So I ran the command. 

$ ansible-galaxy collection install check_point.mgmt --force --ignore-certs

 

I have the ca-certificate,  but I get an Error Message.

ERROR! Mismatch artifact hash with the downloaded file

 

Art_Zalenekas
Employee
Employee
‎2021-01-23 12:32 PM
In response to ukohae

Sorry, but without looking at your environment it's hard to say what it could be. This is not anymore Ansible related.