This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_
Advisor
‎2025-03-18 07:53 AM
Jump to solution

ansible-playbook --diff --check parameters are not working

Hello ansible users!

I used --check for an ansible-playbook (check_point.gaia.cp_gaia_password_policy). Ansible should just check it and not change anything. I was surprised that the configuration has been changed.

Also --diff didn't show any changes.

Are those parameters not available? How can we use ansible in production if you can not check which changes will be made during the next run?

Bye

0 Kudos
2 Solutions

Accepted Solutions
Majd_Sharkia
Employee
Employee
‎2025-03-20 11:48 AM
Jump to solution

Hi Daniel, From a quick check, it seems that Gaia Collection doesn't support that, although it's documented as it's supported. (Sorry for that)

We will check that and add it to our roadmap for adding/fixing this support in the next releases.

 

View solution in original post

Sergei_Shir
Employee
Employee
‎2025-07-03 06:30 AM
In response to Majd_Sharkia
Jump to solution

This issue was documented in sk183620 - you will see the final changes ~15 minutes from now

View solution in original post

0 Kudos
(1)
14 Replies
PhoneBoy
Admin
Admin
‎2025-03-19 06:44 AM
Jump to solution

What is the playbook you were running?

0 Kudos
Daniel_
Advisor
‎2025-03-19 07:20 AM
In response to PhoneBoy
Jump to solution

I tried it with

- name: OS Modification
  gather_facts: false
  hosts: all
  connection: httpapi
  tasks:
    - name: Change password policy
      check_point.gaia.cp_gaia_password_policy:
        lock_settings: {
          'password_expiration_days': 60
        }
0 Kudos
PhoneBoy
Admin
Admin
‎2025-03-19 08:47 AM
In response to Daniel_
Jump to solution

Maybe @Eden_Brillant has a suggestion here, but it seems like this might be a bug.
What version of management is involved here as well as the version of the Ansible Gaia Collection used.

0 Kudos
Daniel_
Advisor
‎2025-03-19 08:53 AM
In response to PhoneBoy
Jump to solution

@PhoneBoy wrote:

What version of management is involved here as well as the version of the Ansible Gaia Collection used.

The gateway is R81.20. Or which version do you mean with management? I use check_point.gaia....

Ansible collections are

$ ansible-galaxy collection list |grep check
check_point.gaia                         7.0.0  
check_point.mgmt                         6.3.0

 

0 Kudos
Eden_Brillant
Employee
Employee
‎2025-03-20 12:01 AM
In response to PhoneBoy
Jump to solution

@Majd_Sharkia for GAIA collection

0 Kudos
Daniel_
Advisor
‎2025-03-20 07:00 AM
In response to Eden_Brillant
Jump to solution

From the source --check should be supported
https://github.com/CheckPointSW/CheckPointAnsibleGAIACollection/blob/v7.0.0/plugins/modules/cp_gaia_...

And cp_gaia_snmp_user is also not working (and documented with cp_snmp_gaia_user) 😪

0 Kudos
Majd_Sharkia
Employee
Employee
‎2025-03-20 11:48 AM
Jump to solution

Hi Daniel, From a quick check, it seems that Gaia Collection doesn't support that, although it's documented as it's supported. (Sorry for that)

We will check that and add it to our roadmap for adding/fixing this support in the next releases.

 

Sergei_Shir
Employee
Employee
‎2025-07-03 06:30 AM
In response to Majd_Sharkia
Jump to solution

This issue was documented in sk183620 - you will see the final changes ~15 minutes from now

0 Kudos
(1)
Daniel_
Advisor
4 weeks ago
In response to Sergei_Shir
Jump to solution

If someone tries to open a SR for this: Don't waste you time. I already opened one. It's was closed, because it's an RFE now 😞

0 Kudos
mib1185
Participant
9 hours ago
In response to Sergei_Shir
Jump to solution

Sorry, but is this serious?

The cause is "the docs mistakenly shows that it supports the check mode" and the solution is "check mode is not support, please open an Request for Enhancement"

What about (at least) adjusting the documention of this ansible collection, so it doesn't mention the check mode as supported anymore?

0 Kudos
_Val_
Admin
Admin
7 hours ago
In response to mib1185
Jump to solution

@mib1185 I admire your passion.

However, are you sure the issue is not already fixed in the Ansible Galaxy documentation? I just checked and did not find any documentation reference to "--check" support other than an issue notification there.

Do I miss something here?

0 Kudos
mib1185
Participant
6 hours ago
In response to _Val_
Jump to solution

Hi @_Val_ 

each single module documentation mentions "Supports check_mode" under the Notes section - eq. cp_gaia_alias_interface (but also all other module docs) as the docs on Ansible Galaxy are taken from the source repository. But not only the documentation mentions it, also the code itself still enables the check mode support for each module (see here)

Regards,
Michael

0 Kudos
Daniel_
Advisor
6 hours ago
In response to _Val_
Jump to solution

It's still documented

https://galaxy.ansible.com/ui/repo/published/check_point/gaia/content/module/cp_gaia_password_policy...

It would be great to get a fix for this and not just a modification in the documentation. Using Ansible without check mode greatly reduces the advantages of Ansible.

mib1185
Participant
6 hours ago
In response to _Val_
Jump to solution

but yeah, I fully agree with @Daniel_ : "... Using Ansible without check mode greatly reduces the advantages of Ansible."

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events