This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
E_AGH107
Participant
‎2023-09-15 05:02 AM
Jump to solution

Obtain objects from CMA managed by MDS with Ansible

Hello Mates,

I have been working with CheckPoint and Ansible for the past 6/7 months. 

My environment has been a Smart 1 appliance where I have different instances (VSX, Gateways, etc) and I could manage objects, policies, layers and more from a centralized point without any major inconvenience. So I was working with an independent CMA.

Now, I have access to a MDS with several CMAs, I'm trying to execute some changes in a CMA like before but for my surprise it isn't working. I can access to the CMAs (directly or trough MDS) using SmartConsole R81.10, visualize the different objects and policies existing, but when I try to gather some information using the playbooks I used to, the obtained JSON objects are empty.

The playbooks I'm currently testing are very simple, here is an example:
---
- name: Obtain host objects
   gather_facts: false
   hosts: CMA-1
   connection: ansible.netcommon.httpapi

   tasks:

# Obtain the first 100 objects
      - name: Get host objects
         register: cp_hosts
         check_point.mgmt.cp_mgmt_host_facts:
            details_level: standard
            limit: 100
            offset: 0

The answer:

TASK [Get host objects] *******************
ok: [CMA-1] => {
   "ansible_facts": {
      "hosts": {
         "objects": [],
         "total": 0
      }
   },
   "changed": false,
   "invocation": {
      "module_args": {
         "details_level": "standard",
         "limit": 100,
         "name": null,
         "offset": 0,
         "order": null,
         "show_membership": null,
         "version": null
      }
   }
}

In other cases, when gathering information related to MDS, for example the existing domains (using module check_point.mgmt.cp_mgmt_domain_facts), I do obtain the information, even when I ask to the CMA instead of MDS, which I don't fully understand but is not the case.

I have used MDS and CMA-1 as hosts parameters, but no one returns whatever information I have asked for.

What I am doing wrong? Am I asking the correct host? Do I have to include some missing parameter?

I have been reading the documentation but didn't find any answer. https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html

Thank you in advance for your help!

 

Labels
0 Kudos
1 Solution

Accepted Solutions
Erik_Lagzdins
Employee Employee
Employee
‎2023-09-15 06:18 AM
Jump to solution

It sounds like you're connecting to the MDS domain, rather than the specific CMA-1 Domain.

Your ansible host/target should be the primary MDS. Then in the playbook, make sure to add a variable with your target domain with the ansible_checkpoint_domain variable. In my example below, my domain name is Domain1.

 

 

---
- name: "Show Hosts in the Domain"
  gather_facts: no
  hosts: mds-primary
  vars:
     ansible_connection: httpapi
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_network_os: check_point.mgmt.checkpoint
     ansible_checkpoint_domain: Domain1

  tasks:
    - name: show-checkpoint-hosts
      cp_mgmt_host_facts:
        limit: 100
      register: show_hosts

    - debug:
        msg: "{{ show_hosts }}"

 

 

View solution in original post

(1)
2 Replies
Erik_Lagzdins
Employee Employee
Employee
‎2023-09-15 06:18 AM
Jump to solution

It sounds like you're connecting to the MDS domain, rather than the specific CMA-1 Domain.

Your ansible host/target should be the primary MDS. Then in the playbook, make sure to add a variable with your target domain with the ansible_checkpoint_domain variable. In my example below, my domain name is Domain1.

 

 

---
- name: "Show Hosts in the Domain"
  gather_facts: no
  hosts: mds-primary
  vars:
     ansible_connection: httpapi
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_network_os: check_point.mgmt.checkpoint
     ansible_checkpoint_domain: Domain1

  tasks:
    - name: show-checkpoint-hosts
      cp_mgmt_host_facts:
        limit: 100
      register: show_hosts

    - debug:
        msg: "{{ show_hosts }}"

 

 

(1)
E_AGH107
Participant
‎2023-09-15 07:07 AM
In response to Erik_Lagzdins
Jump to solution

Indeed, that was the missing parameter!

I added the parameter in the host_vars file of CMA-1 so can re-use playbook.

Thank you so much Erik!

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events