cp_conf sic init 1234 norestart is not working via...

Aathi · ‎2019-07-17

Hi Team,

I am trying to reset the SIC without restart by using below command via ansible and getting the error .Kinldy help on this.

Playbook:

- name: SIC key generation
command: "{{ item }}"
with_items:

- /opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart
- /opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop"
- /opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd"

Error in ansible:

failed: [10.6 (item=/opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart) => {"changed": true, "cmd": ["/opt/CPshrd-R80/bin/cp_conf", "sic", "init", "Infy123+", "norestart"], "delta": "0:00:00.018486", "end": "2019-07-17 07:50:20.309823", "item": "/opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart", "msg": "non-zero return code", "rc": 127, "start": "2019-07-17 07:50:20.291337", "stderr": "/opt/CPshrd-R80/bin/cp_conf: error while loading shared libraries: libcpconfca.so: cannot open shared object file: No such file or directory", "stderr_lines": ["/opt/CPshrd-R80/bin/cp_conf: error while loading shared libraries: libcpconfca.so: cannot open shared object file: No such file or directory"], "stdout": "", "stdout_lines": []}

failed: (item=/opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop") => {"changed": true, "cmd": ["/opt/CPshrd-R80/bin/cpwd_admin", "stop", "-name", "CPD", "-path", "/opt/CPshrd-R80/bin/cpd_admin", "-command", "cpd_admin stop"], "delta": "0:00:00.019825", "end": "2019-07-17 07:50:20.956607", "item": "/opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path \"/opt/CPshrd-R80/bin/cpd_admin\" -command \"cpd_admin stop\"", "msg": "non-zero return code", "rc": 127, "start": "2019-07-17 07:50:20.936782", "stderr": "/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory", "stderr_lines": ["/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory"], "stdout": "", "stdout_lines": []}

failed: (item=/opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd") => {"changed": true, "cmd": ["/opt/CPshrd-R80/bin/cpwd_admin", "start", "-name", "CPD", "-path", "/opt/CPshrd-R80/bin/cpd", "-command", "cpd"], "delta": "0:00:00.019049", "end": "2019-07-17 07:50:21.613861", "item": "/opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path \"/opt/CPshrd-R80/bin/cpd\" -command \"cpd\"", "msg": "non-zero return code", "rc": 127, "start": "2019-07-17 07:50:21.594812", "stderr": "/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory", "stderr_lines": ["/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory"], "stdout": "", "stdout_lines": []}

Kinldy help on this.

Regards

Athimoolam.A

Timothy_Hall · ‎2019-07-17

You are missing various environment variables required cp_conf to run, namely $LD_LIBRARY_PATH.

Execute something like this prior to all the other commands and try again:

source /opt/CPshrd-R80/tmp/.CPprofile.sh

or

. /opt/CPshrd-R80/tmp/.CPprofile.sh

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Aathi · ‎2019-07-17

HI Timothy,

Thank you so much for your update.

I tried as below but still getting the error.

- name: SIC key generation
command: "{{ item }}"
with_items:
- ./opt/CPshrd-R80/tmp/.CPprofile.sh
- /opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart
- /opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop"
- /opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd"

Error:

failed: (item=./opt/CPshrd-R80/tmp/.CPprofile.sh) => {"changed": false, "cmd": "./opt/CPshrd-R80/tmp/.CPprofile.sh", "item": "./opt/CPshrd-R80/tmp/.CPprofile.sh", "msg": "[Errno 2] No such file or directory", "rc": 2}

Regards

Aathi

G_W_Albrecht · ‎2019-07-17

It is really the file $CPDIR/conf/.CPprofile.sh, that is /var/opt/CPshrd-R80.30/conf/.CPprofile.sh !!!

Aathi · ‎2019-07-17

Hi Albrecht,

Still i am getting the same error.Kinldy help on this.
failed: [10.66.40.162] (item=./var/opt/CPshrd-R80.30/conf/.CPprofile.sh) => {"changed": false, "cmd": "./var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "item": "./var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "msg": "[Errno 2] No such file or directory", "rc": 2}

Regards
Aathi

Timothy_Hall · ‎2019-07-17

The space after the period matters:

. /var/opt/CPshrd-R80.30/conf/.CPprofile.sh

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Aathi · ‎2019-07-17

Hi Hall,

Getting the below error now
failed: [10.66.40.162] (item=. /var/opt/CPshrd-R80.30/conf/.CPprofile.sh) => {"changed": false, "cmd": ". /var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "item": ". /var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "msg": "[Errno 13] Permission denied", "rc": 13}

Please help on this,

Regards
Aathi

Timothy_Hall · ‎2019-07-18

Try:

source /var/opt/CPshrd-R80.30/conf/.CPprofile.sh

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Aathi · ‎2019-07-18

Hi
Please find the below error:
ASK [SIC key generation] **********************************************************************************************************************************************
[WARNING]: sftp transfer mechanism failed on [10.66.40.162]. Use ANSIBLE_DEBUG=1 to see detailed information

fatal: [10.66.40.162]: FAILED! => {"changed": false, "cmd": "source /var/opt/CPshrd-R80/conf/.CPprofile.sh", "msg": "[Errno 2] No such file or directory", "rc": 2}
...ignoring

TASK [2nd command] *****************************************************************************************************************************************************
[WARNING]: sftp transfer mechanism failed on [10.66.40.162]. Use ANSIBLE_DEBUG=1 to see detailed information

fatal: [10.66.40.162]: FAILED! => {"changed": false, "cmd": "cp_conf sic init abc123 norestart", "msg": "[Errno 2] No such file or directory", "rc": 2}
...ignoring

Plybook:
- hosts: "Gaia"
gather_facts: no
connection: local
ignore_errors: True
tasks:
- name: "SIC key generation"
command: source /var/opt/CPshrd-R80/conf/.CPprofile.sh
- name: " 2nd command"
command: cp_conf sic init abc123 norestart

Timothy_Hall · ‎2019-07-18

Please read my last post again. You are using the wrong directory path.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Aathi · ‎2019-07-18

Hi
I am using R80.10 gateway.Plese find the below manual output.
[Expert@NTEG:0]# cat /var/opt/CPshrd-R80.30/conf/.CPprofile.sh
cat: /var/opt/CPshrd-R80.30/conf/.CPprofile.sh: No such file or directory
[Expert@NTEG:0]# cat /var/opt/CPshrd-R80/conf/.CPprofile.sh
. /opt/CPshrd-R80/scripts/cpprofile_functions.sh
_cpprof_add CPDIR /opt/CPshrd-R80 1 1
_cpprof_dir PATH $CPDIR/util 1
_cpprof_add CPAPACHEDIR "/opt/CPshrd-R80/web/Apache" 1 1
#CPPostgreSQL Start DON'T REMOVE MANUALLY
PG_LIB_PATH=$CPDIR/database/postgresql/lib
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PG_LIB_PATH ; export LD_LIBRARY_PATH
#CPPostgreSQL End DON'T REMOVE MANUALLY
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${CPDIR}/lib64 ; export LD_LIBRARY_PATH
_cpprof_add FWDIR "/opt/CPsuite-R80/fw1" 1 1
_cpprof_add MDS_FWDIR "/opt/CPsuite-R80/fw1" 0 0
_cpprof_add CPMDIR "/opt/CPsuite-R80/fw1" 0 0
_cpprof_add SUDIR "/opt/CPsuite-R80/fw1/sup" 0 0
_cpprof_add SUROOT "/var/log/cpupgrade/suroot" 0 0
_cpprof_add FW_BOOT_DIR "/etc/fw.boot" 0 0
_cpprof_add NGM_SOLR_LOCAL_PATH "/opt/CPsuite-R80/fw1/Solr" 0 0
_cpprof_add JAVA_HOME "/opt/CPsuite-R80/fw1/jre" 1 0
_cpprof_add NGM_MEM "2048" 0 0
_cpprof_add PGDIR "/opt/CPshrd-R80/database/postgresql" 0 0
_cpprof_add PGDATA "/opt/CPshrd-R80/database/postgresql/data" 0 0
_cpprof_add DONT_LOAD_FWM_OBJECTS "1" 0 0
_cpprof_add CLASSPATH "/opt/CPsuite-R80/fw1/ngm" 0 0
LD_LIBRARY_PATH=/opt/uf/SecureComputing/lib:${LD_LIBRARY_PATH} ; export LD_LIBRARY_PATH ; hash 1>/dev/null 2>&1
UCPORTALDIR_HOME=/opt/CPUserCheckPortal ; export UCPORTALDIR_HOME ; hash 1>/dev/null 2>&1
DLPDIR=/opt/CPsuite-R80/fw1/dlp ; export DLPDIR
PATH=${PATH}:${FWDIR}/oracle_oi/sdk ; export PATH ; hash 1>/dev/null 2>&1
LD_LIBRARY_PATH=${FWDIR}/oracle_oi/sdk:${LD_LIBRARY_PATH} ; export LD_LIBRARY_PATH ; hash 1>/dev/null 2>&1
POSTFIX_DIR=/opt/postfix ; export POSTFIX_DIR ; hash 1>/dev/null 2>&1
MAIL_CONFIG=/opt/postfix/etc/postfix ; export MAIL_CONFIG ; hash 1>/dev/null 2>&1
_cpprof_add JAVA_HOME "/opt/CPshrd-R80/jre_32" 1 0
_cpprof_add JAVA_HOME_32 "/opt/CPshrd-R80/jre_32" 0 0
_cpprof_add JAVA_HOME_64 "/opt/CPshrd-R80/jre_64" 0 0
_cpprof_add JETTY_HOME "/opt/CPshrd-R80/jetty" 0 0
_cpprof_add FGDIR "/opt/CPsuite-R80/fg1" 1 1
_cpprof_add DADIR "/opt/CPda" 1 0
_cpprof_add INFODIR "/opt/CPinfo-10" -1 0

Please help me on this

Timothy_Hall · ‎2019-07-18

source /var/opt/CPshrd-R80.10/conf/.CPprofile.sh

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Aathi · ‎2019-07-18

Please find the blow output
[Expert@INTEG:0]# fw ver
This is Check Point's software version R80.10 - Build 435
[Expert@INTEG:0]# source /var/opt/CPshrd-R80.10/conf/.CPprofile.sh
-bash: /var/opt/CPshrd-R80.10/conf/.CPprofile.sh: No such file or directory
[Expert@INTEG:0]# cd /var/opt/
[Expert@INTEG:0]# ls
CPshrd-R80 CPsuite-R80 fw.boot uf

Timothy_Hall · ‎2019-07-18

source /var/opt/CPshrd-R80/conf/.CPprofile.sh

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Aathi · ‎2019-07-18

i tried this command already on previous post getting the same error.Please help me to close this issue.

Aathi · ‎2019-07-18

HI

The below format is working for me.

with_items:
- clish -c 'cp_conf sic init abc123 norestart'
- clish -c 'cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"'
- clish -c 'cpstart'

Anyhow .Please let me know is there any other way to make it work for below commands.

/opt/CPshrd-R80/bin/cp_conf sic init abc123 norestart
/opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop"
/opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd"

Regards

Athimoolam.A

cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible

Re: cp_conf sic init 1234 norestart is not working via ansible