This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GermanP
Explorer
‎2021-05-20 01:54 PM

Run a script with Ansible on R80.40

Hi

I am trying to run a script on a Firewall running R80.40 from an Ansible playbook, however I'm getting errors. What I did is this:

- I created a test playbook:

---
- name: Check Point test
  hosts: all
  connection: httpapi
  tasks:
    - name: Save configuration
      cp_mgmt_run_script:
      script_name: "Save configuration"
      script: clish -c "save config"
      wait_for_task: no
      targets:
        - Standalone-Ansible

 

If I run this playbook, I get the following output:

 

PLAY [Check Point test] ****************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************
ok: [10.0.18.84]

TASK [Save configuration] ******************************************************************************************************************************************************************************************
changed: [10.0.18.84]

PLAY RECAP *********************************************************************************************************************************************************************************************************
10.0.18.84 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

 

So, it seems to work, right? well, not really. If I log into the Check Point Smart Console, I see that the task is still "running" with a 10% completion. And it never finishes or even progresses, I've let it run for two days.

Now, if I change the playbook, specifically this option:

wait_for_task: no

to

wait_for_task: yes

then I get the following output:

PLAY [Check Point test] ****************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************
ok: [10.0.18.84]

TASK [Save configuration] ******************************************************************************************************************************************************************************************
fatal: [10.0.18.84]: FAILED! => {"changed": false, "msg": {"code": "generic_err_invalid_parameter", "message": "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is undefined.\nInvalid parameter for [task-id]. Invalid value"}}

PLAY RECAP *********************************************************************************************************************************************************************************************************
10.0.18.84 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

 

So, it failed, right? well, the Check Point Smart Console says that the task completed successfully, but since Ansible receives an error, the playbook stops.

Now: how do I solve this? it seems no matter what I do, I get an error somewhere and the script does not work. Thanks in advance for your help

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-05-20 02:28 PM

You might try changing the script to:

  • clish -c "save config"; exit

Of course, I'd be curious what other things you're trying to do that requires a save config.
Tagging @Or_Soffer also.

0 Kudos
GermanP
Explorer
‎2021-05-20 02:34 PM

Thanks for replying, however changing the script had no effect over the errors I get. I'm using "save config" more like a test command, however no matter what I try, even the simplest script,  ( "ls -l /" or "clish -c 'show configuration'") fails. In summary, I have not been able to run successfully any script using this Ansible module.

0 Kudos
GermanP
Explorer
‎2021-05-24 10:35 AM
In response to GermanP

Hi guys, any other ideas on this issue are welcome. I am inclined to think this is some kind of bug, but it seems strange to me that nobody seems to have reported it. Thanks for any help.

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events
    Top