Solved: Write multiple clish commands in Ansible task

Hugo_vd_Kooij · ‎2023-04-14

Hi,

I treied to use the shell with the clish interpreter to execute multiple clish commands.

But so far it did not result in a working setup. The tasks itself gives no errors.

- name: AddHostClish
  ansible.builtin.shell: |
    add host hostname {{ inventory_hostname }} ipv4-address ipv4-address ansible_default_ipv4.address
    add host hostname {{ inventory_hostname }}.local ipv4-address ipv4-address ansible_default_ipv4.address
    save config
  args:
    executable: /usr/bin/clish

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Erik_Lagzdins · ‎2023-07-25

As mentioned previously, using the Gaia modules is the preferred method to accomplish the task.

If using Gaia modules is not possible, then you can use the shell module and expand on the example I've provided below.

     - name: "Apply Clish DNS Configurations"
       shell: "{{ item }}"
       with_items:
         - clish -c 'set dns primary 1.1.1.1' -s
         - clish -c 'set dns secondary 2.2.2.2' -s

View solution in original post

PhoneBoy · ‎2023-04-14

You realize there is an Ansible collection for Gaia itself, right?
https://galaxy.ansible.com/check_point/gaia

Hugo_vd_Kooij · ‎2023-04-16

Yes, I am aware of them. But they don't cover all of my use cases.

To be honest not all firewall are up to spec.(R77.30 is pre API anyway.) And some features are not implemented. And some implemented in an impractical way.

For example cp_gaia_put_file only allows you to insert a file with the text as variable. Not a very practical job in my view.

So as it stands I have to rely on running clich commands by a user that has bash as it's default shell.

THe actual clish command's are just a test case.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Hugo_vd_Kooij · ‎2023-04-17

Somehow I had to use the long form commands with `clish -c` in front of each command and skip the use of clish as interpretor.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Erik_Lagzdins · ‎2023-07-25

As mentioned previously, using the Gaia modules is the preferred method to accomplish the task.

If using Gaia modules is not possible, then you can use the shell module and expand on the example I've provided below.

     - name: "Apply Clish DNS Configurations"
       shell: "{{ item }}"
       with_items:
         - clish -c 'set dns primary 1.1.1.1' -s
         - clish -c 'set dns secondary 2.2.2.2' -s

FWA-BD · ‎2023-12-12

Hi Erik,

if I try your approach, the I get following error:

/bin/bash: line 1: clish: command not found.

My playbook:

---
# version 2312121007

- name: Set LLDP to on
  hosts: FW
  
  tasks:
  - name: Set LLDP on management server
    ansible.builtin.shell: "{{item}}"
    with_items:
      - clish -c "set lldp state on"
      - clish -c "save config"
    
    args:
      executable: /bin/bash

My host file:

[FW]
x.x.x.x

[FW:vars]
ansible_connection=httpapi
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_network_os=checkpoint

What am I doing wrong?

Thanks!

Ofir_Shikolski · ‎2023-12-13

you will need to load the profiles.

try to load one of the below:

source /etc/rc.d/init.d/functions

source /etc/profile.d/CP.sh

source /opt/CPshared/5.0/tmp/.CPprofile.sh

source /opt/CPshared/5.0/tmp/.CPprofile.sh && clish -c "command"

FWA-BD · ‎2023-12-13

Thanks for the quick response. I have a look into that next week

Erik_Lagzdins · ‎2023-12-15

This error is happening because of your FW:vars. Remove "ansible_connection=httpapi" and it should work.

I recommend adding the "ansible_connection=httpapi" variable only to specific playbooks that use the Check Point Gaia/Mgmt Ansible modules. When using a built-in basic Ansible module like command or shell, it's not needed.

FWA-BD · ‎2023-12-17

Hi Erik,

thanks for the answer. This is what you get if you don't have your caffeine levels right

Are you a member of CheckMates?

Write multiple clish commands in Ansible task