This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aathi
Contributor
‎2019-07-17 04:58 AM

cp_conf sic init 1234 norestart is not working via ansible

Hi Team,

 

I am trying to reset the SIC without restart by using below command via ansible and getting the error .Kinldy help on this.

 

Playbook:

- name: SIC key generation
command: "{{ item }}"
with_items:

- /opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart
- /opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop"
- /opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd"

 

Error in ansible:

failed: [10.6 (item=/opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart) => {"changed": true, "cmd": ["/opt/CPshrd-R80/bin/cp_conf", "sic", "init", "Infy123+", "norestart"], "delta": "0:00:00.018486", "end": "2019-07-17 07:50:20.309823", "item": "/opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart", "msg": "non-zero return code", "rc": 127, "start": "2019-07-17 07:50:20.291337", "stderr": "/opt/CPshrd-R80/bin/cp_conf: error while loading shared libraries: libcpconfca.so: cannot open shared object file: No such file or directory", "stderr_lines": ["/opt/CPshrd-R80/bin/cp_conf: error while loading shared libraries: libcpconfca.so: cannot open shared object file: No such file or directory"], "stdout": "", "stdout_lines": []}


failed:  (item=/opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop") => {"changed": true, "cmd": ["/opt/CPshrd-R80/bin/cpwd_admin", "stop", "-name", "CPD", "-path", "/opt/CPshrd-R80/bin/cpd_admin", "-command", "cpd_admin stop"], "delta": "0:00:00.019825", "end": "2019-07-17 07:50:20.956607", "item": "/opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path \"/opt/CPshrd-R80/bin/cpd_admin\" -command \"cpd_admin stop\"", "msg": "non-zero return code", "rc": 127, "start": "2019-07-17 07:50:20.936782", "stderr": "/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory", "stderr_lines": ["/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory"], "stdout": "", "stdout_lines": []}


failed:  (item=/opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd") => {"changed": true, "cmd": ["/opt/CPshrd-R80/bin/cpwd_admin", "start", "-name", "CPD", "-path", "/opt/CPshrd-R80/bin/cpd", "-command", "cpd"], "delta": "0:00:00.019049", "end": "2019-07-17 07:50:21.613861", "item": "/opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path \"/opt/CPshrd-R80/bin/cpd\" -command \"cpd\"", "msg": "non-zero return code", "rc": 127, "start": "2019-07-17 07:50:21.594812", "stderr": "/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory", "stderr_lines": ["/opt/CPshrd-R80/bin/cpwd_admin: error while loading shared libraries: libcpwd_is.so: cannot open shared object file: No such file or directory"], "stdout": "", "stdout_lines": []}

 

Kinldy help on this.

 

Regards

Athimoolam.A

0 Kudos
15 Replies
Timothy_Hall
Legend Legend
Legend
‎2019-07-17 05:08 AM

You are missing various environment variables required cp_conf to run, namely $LD_LIBRARY_PATH.

Execute something like this prior to all the other commands and try again:

source  /opt/CPshrd-R80/tmp/.CPprofile.sh

or

.  /opt/CPshrd-R80/tmp/.CPprofile.sh

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Aathi
Contributor
‎2019-07-17 05:41 AM
In response to Timothy_Hall

HI Timothy,

 

Thank you so much for your update.

I tried as below but still getting the error.

 

- name: SIC key generation
command: "{{ item }}"
with_items:
- ./opt/CPshrd-R80/tmp/.CPprofile.sh
- /opt/CPshrd-R80/bin/cp_conf sic init Infy123+ norestart
- /opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop"
- /opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd"

 

 

Error:

failed:  (item=./opt/CPshrd-R80/tmp/.CPprofile.sh) => {"changed": false, "cmd": "./opt/CPshrd-R80/tmp/.CPprofile.sh", "item": "./opt/CPshrd-R80/tmp/.CPprofile.sh", "msg": "[Errno 2] No such file or directory", "rc": 2}

Regards

Aathi

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-07-17 05:48 AM
In response to Aathi

It is really the file  $CPDIR/conf/.CPprofile.sh, that  is /var/opt/CPshrd-R80.30/conf/.CPprofile.sh !!!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Aathi
Contributor
‎2019-07-17 06:03 AM
In response to G_W_Albrecht

Hi Albrecht,

Still i am getting the same error.Kinldy help on this.
failed: [10.66.40.162] (item=./var/opt/CPshrd-R80.30/conf/.CPprofile.sh) => {"changed": false, "cmd": "./var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "item": "./var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "msg": "[Errno 2] No such file or directory", "rc": 2}

Regards
Aathi
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-17 06:05 AM
In response to Aathi

The space after the period matters:

.   /var/opt/CPshrd-R80.30/conf/.CPprofile.sh

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Aathi
Contributor
‎2019-07-17 09:36 PM
In response to Timothy_Hall

Hi Hall,

Getting the below error now
failed: [10.66.40.162] (item=. /var/opt/CPshrd-R80.30/conf/.CPprofile.sh) => {"changed": false, "cmd": ". /var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "item": ". /var/opt/CPshrd-R80.30/conf/.CPprofile.sh", "msg": "[Errno 13] Permission denied", "rc": 13}

Please help on this,

Regards
Aathi
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-18 05:35 AM
In response to Aathi

Try:

source  /var/opt/CPshrd-R80.30/conf/.CPprofile.sh

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Aathi
Contributor
‎2019-07-18 08:34 AM
In response to Timothy_Hall

Hi
Please find the below error:
ASK [SIC key generation] **********************************************************************************************************************************************
[WARNING]: sftp transfer mechanism failed on [10.66.40.162]. Use ANSIBLE_DEBUG=1 to see detailed information

fatal: [10.66.40.162]: FAILED! => {"changed": false, "cmd": "source /var/opt/CPshrd-R80/conf/.CPprofile.sh", "msg": "[Errno 2] No such file or directory", "rc": 2}
...ignoring

TASK [2nd command] *****************************************************************************************************************************************************
[WARNING]: sftp transfer mechanism failed on [10.66.40.162]. Use ANSIBLE_DEBUG=1 to see detailed information

fatal: [10.66.40.162]: FAILED! => {"changed": false, "cmd": "cp_conf sic init abc123 norestart", "msg": "[Errno 2] No such file or directory", "rc": 2}
...ignoring

Plybook:
- hosts: "Gaia"
gather_facts: no
connection: local
ignore_errors: True
tasks:
- name: "SIC key generation"
command: source /var/opt/CPshrd-R80/conf/.CPprofile.sh
- name: " 2nd command"
command: cp_conf sic init abc123 norestart
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-18 08:37 AM
In response to Aathi

Please read my last post again.  You are using the wrong directory path.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Aathi
Contributor
‎2019-07-18 08:54 AM
In response to Timothy_Hall

Hi
I am using R80.10 gateway.Plese find the below manual output.
[Expert@NTEG:0]# cat /var/opt/CPshrd-R80.30/conf/.CPprofile.sh
cat: /var/opt/CPshrd-R80.30/conf/.CPprofile.sh: No such file or directory
[Expert@NTEG:0]# cat /var/opt/CPshrd-R80/conf/.CPprofile.sh
. /opt/CPshrd-R80/scripts/cpprofile_functions.sh
_cpprof_add CPDIR /opt/CPshrd-R80 1 1
_cpprof_dir PATH $CPDIR/util 1
_cpprof_add CPAPACHEDIR "/opt/CPshrd-R80/web/Apache" 1 1
#CPPostgreSQL Start DON'T REMOVE MANUALLY
PG_LIB_PATH=$CPDIR/database/postgresql/lib
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PG_LIB_PATH ; export LD_LIBRARY_PATH
#CPPostgreSQL End DON'T REMOVE MANUALLY
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${CPDIR}/lib64 ; export LD_LIBRARY_PATH
_cpprof_add FWDIR "/opt/CPsuite-R80/fw1" 1 1
_cpprof_add MDS_FWDIR "/opt/CPsuite-R80/fw1" 0 0
_cpprof_add CPMDIR "/opt/CPsuite-R80/fw1" 0 0
_cpprof_add SUDIR "/opt/CPsuite-R80/fw1/sup" 0 0
_cpprof_add SUROOT "/var/log/cpupgrade/suroot" 0 0
_cpprof_add FW_BOOT_DIR "/etc/fw.boot" 0 0
_cpprof_add NGM_SOLR_LOCAL_PATH "/opt/CPsuite-R80/fw1/Solr" 0 0
_cpprof_add JAVA_HOME "/opt/CPsuite-R80/fw1/jre" 1 0
_cpprof_add NGM_MEM "2048" 0 0
_cpprof_add PGDIR "/opt/CPshrd-R80/database/postgresql" 0 0
_cpprof_add PGDATA "/opt/CPshrd-R80/database/postgresql/data" 0 0
_cpprof_add DONT_LOAD_FWM_OBJECTS "1" 0 0
_cpprof_add CLASSPATH "/opt/CPsuite-R80/fw1/ngm" 0 0
LD_LIBRARY_PATH=/opt/uf/SecureComputing/lib:${LD_LIBRARY_PATH} ; export LD_LIBRARY_PATH ; hash 1>/dev/null 2>&1
UCPORTALDIR_HOME=/opt/CPUserCheckPortal ; export UCPORTALDIR_HOME ; hash 1>/dev/null 2>&1
DLPDIR=/opt/CPsuite-R80/fw1/dlp ; export DLPDIR
PATH=${PATH}:${FWDIR}/oracle_oi/sdk ; export PATH ; hash 1>/dev/null 2>&1
LD_LIBRARY_PATH=${FWDIR}/oracle_oi/sdk:${LD_LIBRARY_PATH} ; export LD_LIBRARY_PATH ; hash 1>/dev/null 2>&1
POSTFIX_DIR=/opt/postfix ; export POSTFIX_DIR ; hash 1>/dev/null 2>&1
MAIL_CONFIG=/opt/postfix/etc/postfix ; export MAIL_CONFIG ; hash 1>/dev/null 2>&1
_cpprof_add JAVA_HOME "/opt/CPshrd-R80/jre_32" 1 0
_cpprof_add JAVA_HOME_32 "/opt/CPshrd-R80/jre_32" 0 0
_cpprof_add JAVA_HOME_64 "/opt/CPshrd-R80/jre_64" 0 0
_cpprof_add JETTY_HOME "/opt/CPshrd-R80/jetty" 0 0
_cpprof_add FGDIR "/opt/CPsuite-R80/fg1" 1 1
_cpprof_add DADIR "/opt/CPda" 1 0
_cpprof_add INFODIR "/opt/CPinfo-10" -1 0

Please help me on this
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-18 09:06 AM
In response to Aathi

source  /var/opt/CPshrd-R80.10/conf/.CPprofile.sh

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Aathi
Contributor
‎2019-07-18 09:35 AM
In response to Timothy_Hall

Please find the blow output
[Expert@INTEG:0]# fw ver
This is Check Point's software version R80.10 - Build 435
[Expert@INTEG:0]# source /var/opt/CPshrd-R80.10/conf/.CPprofile.sh
-bash: /var/opt/CPshrd-R80.10/conf/.CPprofile.sh: No such file or directory
[Expert@INTEG:0]# cd /var/opt/
[Expert@INTEG:0]# ls
CPshrd-R80 CPsuite-R80 fw.boot uf
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-18 10:08 AM
In response to Aathi

source   /var/opt/CPshrd-R80/conf/.CPprofile.sh

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Aathi
Contributor
‎2019-07-18 10:11 AM
In response to Timothy_Hall

i tried this command already on previous post getting the same error.Please help me to close this issue.
0 Kudos
Aathi
Contributor
‎2019-07-18 08:21 PM
In response to Aathi

HI 

The below format is working for me.

with_items:
- clish -c 'cp_conf sic init abc123 norestart'
- clish -c 'cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"'
- clish -c 'cpstart'

Anyhow .Please let me know is there any other way to make it work for below commands.

/opt/CPshrd-R80/bin/cp_conf sic init abc123 norestart
/opt/CPshrd-R80/bin/cpwd_admin stop -name CPD -path "/opt/CPshrd-R80/bin/cpd_admin" -command "cpd_admin stop"
/opt/CPshrd-R80/bin/cpwd_admin start -name CPD -path "/opt/CPshrd-R80/bin/cpd" -command "cpd"

 

Regards

Athimoolam.A

 

 

 

 

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events