This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Govind135438
Participant
a month ago
Jump to solution

Handling locked by another session issue in Ansible playbooks

I am facing the error like below from Ansible playbook from modules from "check_point.mgmt" collection. 

TASK [Add VLAN interface to Management gateway object] **************************************************************************************************************
fatal: [10.25.58.51]: FAILED! => {"changed": false, "msg": "Checkpoint device returned error 400 with message {'code': 'generic_error', 'message': \"Action cannot be executed on object: gw-893628 due to: Object 'gw-893628' is locked by another session.\"} Unpublished changes were discarded"}

This error occurs when I have some unpublished changes from Check Point Smartconsole or command-line. 

How can I force changes from Ansible when there are unpublished changes from others? Or what is the best practice to follow in this scenario?

0 Kudos
1 Solution

Accepted Solutions
Duane_Toler
MVP Silver
MVP Silver
a month ago
Jump to solution

You can't publish another session, reliably, even if your administrator account has access to do so.  You don't want to do this.  Instead, you need to open SmartConsole -> Manage & Settings -> Sessions and see who has open sessions and object locks.  You either need to discard those sessions (if you have permissions to do so), or ask the other administrators to close their sessions.  The management server is trying to protect you from unwanted, and unexpected, results that you may not want.  Don't violate this or you will have trouble.

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack

View solution in original post

3 Replies
Daniel_Kuhl1
Employee Employee
Employee
a month ago
Jump to solution

A quick answer from my mind without any validation from documentation:

  1. Run show-sessions API call to get all sessions
  2. Then looping through the sessions and find sessions with locks using show-session API call
    • take-over the session
    • discard or publish to get rid of the locks 
  3. continue with your changes

...but I think the Ansible collection does not support all of it, so you have to build your own API calls using Web-Services API.

Maybe CheckMates folks find a better way.

0 Kudos
Govind135438
Participant
a month ago
In response to Daniel_Kuhl1
Jump to solution

Thank you for your response. I will try your solution. 

Duane_Toler
MVP Silver
MVP Silver
a month ago
Jump to solution

You can't publish another session, reliably, even if your administrator account has access to do so.  You don't want to do this.  Instead, you need to open SmartConsole -> Manage & Settings -> Sessions and see who has open sessions and object locks.  You either need to discard those sessions (if you have permissions to do so), or ask the other administrators to close their sessions.  The management server is trying to protect you from unwanted, and unexpected, results that you may not want.  Don't violate this or you will have trouble.

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events