Issue creating a host with Ansible
I am trying to create a host on my SMS using Ansible but I am encountering some issues.
Below is some information that might be helpful.
Playbook:
---
- name: Checkpoint Hosts Management
  hosts: firewalls_checkpoint
  tasks:
    - name: Add a new Host
      check_point.mgmt.cp_mgmt_host:
        ip_address: 192.0.2.1
        name: New Host 1
        state: present
        auto_publish_session: yes
Inventory
#This is a group of remote servers for Checkpoint SMS
[firewalls_checkpoint]
ckp_sms
#These are global variables for the group firewalls
[firewalls_checkpoint:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=admin
ansible_password=*****
ansible_ssh_pass=*****
ansible_network_os=check_point.mgmt.checkpoint
ansible_ssh_transfer_method=scp
ansible.cfg
[defaults]
host_key_checking = False
[ssh_connection]
scp_if_ssh=True
timeout = 100
However, when I run my playbook with the command ansible-playbook /etc/ansible/playbooks/checkpoint/network_create.yml, I get the following error:
fatal: [ckp_sms]: FAILED! => {
"msg": "failed to transfer file to /root/.ansible/tmp/ansible-local-71858l7zedua/tmpj8i_7uay CLINFR0711 Command insecure/AnsiballZ_setup.py:\n\nCLINFR0329 Invalid command:'scp -t 'CLINFR0711 Command insecure/AnsiballZ_setup.py''.\n"
}
If I ssh directly on a terminal to the SMS, it works fine.
I get the same error message when I try to ping the SMS using ansible -m ping.
Can someone please help me out?
Did you follow this configuration guide?
Maybe try
- name: add-host
  cp_mgmt_host:
    ip_address: 192.0.2.1
    name: New Host 1
    state: present
Hi,
Under the hosts section you are missing the connection parameter
connection: httpapi
Also, did you download the latest collection from galaxy?
https://galaxy.ansible.com/check_point/mgmt
You can find a working example here:
Kind Regards
Jim
Hi,
I did what you said and encountered this error:
rpc__\nansible.module_utils.connection.ConnectionError: Invalid JSON response: <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n<p>Additionally, a 400 Bad Request\nerror was encountered while trying to use an ErrorDocument to handle the request.</p>\n</body></html>\n\n"
We usually get this error when we try to send a request without logging in to the SMS, but the Ansible documentation specifies that the login and logout are done automatically. So I don't know what's going wrong here. If I run the same command in Check Mode (ansible-playbook -C playbook.yml) it works.
Can you please help?
My updated playbook is:
---
- name: playbook name
  hosts: firewalls_checkpoint
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_mgmt_network:
        name: "network name"
        subnet: "4.1.76.0"
        mask_length: 24
        auto_publish_session: true
      vars:
        ansible_checkpoint_domain: "SMC User"
Hi Mervin,
Your playbook is correct.
Please just note that the variable 'ansible_checkpoint_domain: "SMC User"' is not required when connecting to an SMS.
Your /etc/ansible/hosts is not entirely correct.
I noticed that you have not assigned any ansible_host IP address to ckp_sms. Is the ckp_sms host name resolving to the IP of your Check Point management server?
If not, you need to set the IP for this host.
Here is a correct /etc/ansible/hosts section where I removed some lines from the one you posted and added the ansible_host IP address.
#This is a group of remote servers for Checkpoint SMS
[firewalls_checkpoint]
ckp_sms ansible_host=X.X.X.X
#These are global variables for the group firewalls
[firewalls_checkpoint:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=admin
ansible_password=XXXXX
ansible_network_os=check_point.mgmt.checkpoint
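The inventory points raised in this thread (SSH-only settings left in an httpapi group, the connection type not being set, and the disabled certificate validation and inline passwords visible in both posted inventories) can be checked mechanically. The following Python lint is an added example, not part of any post or of the Check Point collection; its rule names, function names and placeholder values are assumptions.

```python
# Added example, not from the thread; rule and function names are assumptions.

def parse_group_vars(text):
    """Return {group: {var: value}} for every [group:vars] section."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = groups.setdefault(name[:-5], {}) if name.endswith(":vars") else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return groups

def lint(text):
    """Return sorted (group, finding) pairs for groups that set ansible_network_os."""
    findings = []
    for group, gvars in parse_group_vars(text).items():
        if "ansible_network_os" not in gvars:
            continue  # only groups that target a network OS plugin
        if gvars.get("ansible_connection") != "httpapi":
            # Without this variable every play must carry `connection: httpapi`.
            findings.append((group, "connection-not-set-in-inventory"))
        if gvars.get("ansible_httpapi_validate_certs", "").lower() in ("false", "no", "0"):
            findings.append((group, "tls-certificate-not-verified"))
        for key, value in gvars.items():
            if key.startswith("ansible_ssh_"):
                findings.append((group, "ssh-only-setting:" + key))
            if key.endswith(("password", "_pass")) and not value.startswith("{{"):
                findings.append((group, "plaintext-credential:" + key))
    return sorted(findings)

# Constructed sample: the first post's inventory, trimmed, placeholder passwords.
SAMPLE = """\
[firewalls_checkpoint]
ckp_sms
[firewalls_checkpoint:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_password=PLACEHOLDER
ansible_ssh_pass=PLACEHOLDER
ansible_network_os=check_point.mgmt.checkpoint
ansible_ssh_transfer_method=scp
"""

if __name__ == "__main__":
    print("\n".join(f"{g}: {f}" for g, f in lint(SAMPLE)))
```

A value that starts with `{{` is treated as a templated reference (for example to an Ansible Vault variable) and is not reported as a plaintext credential.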
Hi,
Thank you for replying. The ckp_sms is indeed resolving to my IP address. I set this in my host file (Windows host file).
My SMS is R80.30.
Okay, please take a look at my response here, I think there is a problem with the Ansible httpapi connection plugin.
https://community.checkpoint.com/t5/Ansible/Ansible-Connection-Error/m-p/101387/highlight/true#M400
This solution worked with my R80.40 but not my R80.30.
Does it have something to do with a JHF that has not been installed?
To orchestrate R80.30 version with Ansible, you need JHF 135 or later installed.
You can find more information here:
