This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
thki
Explorer
‎2020-08-28 07:09 AM

Server returned response without token info during connection authentication

Hi all


My first post in checkmates forum so be gentle 😉


Trying to connect to Gaia rest api with ansible


Inventory :

[test:vars]
checkpoint ansible_host=XXXXXXX
ansible_user='XXXXXXXXX'
ansible_password='XXXXXXXXXXX'
ansible_network_os=checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
XXXXXXX


Playbook:

---
- hosts: test
connection: httpapi
gather_facts: false
tasks:
- name: collect-host facts
cp_mgmt_host_facts:
details_level: standard
limit: 50
offset: 0


I get this response :


PLAY [test] *******************************************************************************************************************************************************************************************************************************************************************

TASK [collect-host facts] *****************************************************************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [XXXXXXX]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 102, in <module>\n _ansiballz_main()\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host_facts', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib64/python2.7/runpy.py\", line 176, in run_module\n fname, loader, pkg_name)\n File \"/usr/lib64/python2.7/runpy.py\", line 82, in _run_module_code\n mod_name, mod_fname, mod_loader, pkg_name)\n File \"/usr/lib64/python2.7/runpy.py\", line 72, in _run_code\n exec code in run_globals\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py\", line 131, in <module>\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py\", line 126, in main\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 179, in api_call_facts\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 56, in send_request\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
XXXXXXX : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

 

# ansible --version
ansible 2.9.12
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/user/thki/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

 

Ive verified that I can connect to api via curl and get token back? Our checkpoint administrator can see login and logoff on management server?

 

Kind Regards

Thomas

6 Replies
PhoneBoy
Admin
Admin
‎2020-08-28 11:42 PM

What precise version of Check Point Management (with JHF level) are you connecting with?
Believe for Ansible, it should be R80.20+ with a recent JHF installed.

0 Kudos
thki
Explorer
‎2020-08-30 11:43 PM
In response to PhoneBoy

we are running R80.30+ jumbo 155

0 Kudos
mervin16
Participant
‎2020-11-07 07:09 AM
In response to thki

Did someone find a fix for this ? I am facing the same issue on R80.40:

This is Check Point Security Management Server R80.40 - Build 150
This is Check Point's software version R80.40 - Build 685

Can someone please help ?

0 Kudos
Sigbjorn
Advisor
Advisor
‎2020-11-07 07:37 AM
In response to mervin16

Did you enable the API and allow access for the ip/subnet you are connecting from?

What does the output from a simple curl test say?

curl https://<mgmtip>/web_api/login -H 'Content-Type: application/json' -d '{"user":"xxx", "password":"xxx" }' -kv

0 Kudos
Jim_Oqvist
Employee
Employee
‎2020-11-07 12:42 PM
In response to mervin16

Hi,

Not sure if you are trying to use the gaia collection that leverages the gaia API or the mgmt collection that leverages the Management API.
The playbook in in the start of this thread is using a module from the mgmt collection that leverages the Management API.

Anyway
I recommend to take a look at the Read Me under: https://galaxy.ansible.com/check_point/mgmt
I recommend to download the latest collection from galaxy.
Here is a updated working example using the mgmt collection from galaxy:

/etc/ansible/hosts

[test:vars]
ansible_user=api_user # Admin username on management server
ansible_password=vpn123 # Admin password on management server
ansible_network_os=check_point.mgmt.checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
192.168.233.71 # IP of the Check Point management server

 

The playbook using the collection from galaxy

---
- hosts: test
  connection: httpapi
  gather_facts: false
  tasks:
    - name: collect-host facts
      check_point.mgmt.cp_mgmt_host_facts:
        details_level: standard
        limit: 50
        offset: 0

 

Kind Regards
Jim

0 Kudos
Jim_Oqvist
Employee
Employee
‎2020-11-07 01:52 PM
In response to Jim_Oqvist

In addition, take a look at my response here to ensure you are not encountering the problem I am mentioning in that response

https://community.checkpoint.com/t5/Ansible/Ansible-Connection-Error/m-p/101387/highlight/true#M400

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events