This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_
Advisor
Tuesday

ansible-playbook --diff --check parameters are not working

Hello ansible users!

I used --check for an ansible-playbook (check_point.gaia.cp_gaia_password_policy). Ansible should just check it and not change anything. I was surprised that the configuration has been changed.

Also --diff didn't show any changes.

Are those parameters not available? How can we use ansible in production if you can not check which changes will be made during the next run?

Bye

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
yesterday

What is the playbook you were running?

0 Kudos
Daniel_
Advisor
yesterday
In response to PhoneBoy

I tried it with

- name: OS Modification
  gather_facts: false
  hosts: all
  connection: httpapi
  tasks:
    - name: Change password policy
      check_point.gaia.cp_gaia_password_policy:
        lock_settings: {
          'password_expiration_days': 60
        }
0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to Daniel_

Maybe @Eden_Brillant has a suggestion here, but it seems like this might be a bug.
What version of management is involved here as well as the version of the Ansible Gaia Collection used.

0 Kudos
Daniel_
Advisor
yesterday
In response to PhoneBoy

@PhoneBoy wrote:

What version of management is involved here as well as the version of the Ansible Gaia Collection used.

The gateway is R81.20. Or which version do you mean with management? I use check_point.gaia....

Ansible collections are

$ ansible-galaxy collection list |grep check
check_point.gaia                         7.0.0  
check_point.mgmt                         6.3.0

 

0 Kudos
Eden_Brillant
Employee
Employee
17 hours ago
In response to PhoneBoy

@Majd_Sharkia for GAIA collection

0 Kudos
Daniel_
Advisor
10 hours ago
In response to Eden_Brillant

From the source --check should be supported
https://github.com/CheckPointSW/CheckPointAnsibleGAIACollection/blob/v7.0.0/plugins/modules/cp_gaia_...

And cp_gaia_snmp_user is also not working (and documented with cp_snmp_gaia_user) 😪

0 Kudos
Majd_Sharkia
Employee
Employee
5 hours ago

Hi Daniel, From a quick check, it seems that Gaia Collection doesn't support that, although it's documented as it's supported. (Sorry for that)

We will check that and add it to our roadmap for adding/fixing this support in the next releases.

 

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events