This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mechanix
Explorer
yesterday

check_point.gaia.cp_gaia_radius_server doesn't work in a loop

We have a simple compliance ansible role that checks if the radius servers on the nodes are correctly configured. If this is not the case, the role will add the radius servers accordingly.

Here is a snippet of the role:

 

vars:

  radius_server:
    - address: "10.10.10.1"
      port: "1812"
      priority: "10"
      timeout: "3"
    - address: "10.10.10.2"
      port: "1812"
      priority: "20"
      timeout: "3"
  radius_default_shell: "cli"
  radius_super_user_uid: "0"

tasks:
  - name: Get RADIUS servers settings
    check_point.gaia.cp_gaia_radius_server_facts:
    register: radius
    tags:
      - always

  - name: Add missing RADIUS servers
    check_point.gaia.cp_gaia_radius_server:
      default_shell: "{{ radius_default_shell }}"
      super_user_uid: "{{ radius_super_user_uid }}"
      servers:
        - priority: "{{ item.priority }}"
          address: "{{ item.address }}"
          port: "{{ item.port }}"
          timeout: "{{ item.timeout }}"
          secret: "{{ radius_secret }}"
    loop: "{{ radius_server }}"
    when: >
      item.address not in (radius.ansible_facts.servers |default([]) | map(attribute='address') | list)
    register: added_servers

 

 

The task iterates through the radius_servers vars correctly:

 

TASK [cp_compliance_radius : Add missing RADIUS servers] ************************************************************************************************************************************************************
changed: [gaia_node1] => (item={'address': '10.10.10.1', 'port': '1812', 'priority': '10', 'timeout': '3'})
changed: [gaia_node1] => (item={'address': '10.10.10.2', 'port': '1812', 'priority': '20', 'timeout': '3'})

 

 but instead of adding each server, the module overwrites the radius entries leaving only the last one in the loop active in the configuration:

 

show configuration

add aaa radius-servers priority 20 host 10.10.10.2 port 1812 secret ***** timeout 3
set aaa radius-servers default-shell /etc/cli.sh
set aaa radius-servers super-user-uid 0

 

 

Versions:

 

check_point.gaia              5.0.1

ansible [core 2.15.12]
python version = 3.9.19 (main, May 16 2024, 08:45:40) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)]
jinja version = 3.1.4
libyaml = True

OS: Gaia R81.20

 

0 Kudos
0 Replies
Upcoming Events

    CheckMates Events