Re: cp_mgmt_run_script module 5 minute runtime tim...

Simon_Macpherso · ‎2021-05-27

The following appears to be a limitation with the checkpoint API run-script endpoint.

I have opened an RFE with Checkpoint for this but no ETA.

This may be related to sk160753 which is a known limitation that has existed since R80.10.

PRHF-14607 :

"Running a one time script on a Security Gateway (that reads files or outputs of commands) using a "One Time Script" feature in SmartConsole or with API may fail after 5 minutes with the "Operation timed out" error.
The limit for reading files is 9,730 lines or 730 KB (whichever is reached first)."

Do you know of a workaround that will allow me to run a script that has a runtime duration of 300 seconds or greater?

-------------------------------------------------------------------------------------------------------------------------------------

Whilst running a playbook from the command line, the run script task (check_point.mgmt.cp_mgmt_run_script) operation times out after 300 seconds and Ansible reports the task as failed.

The task continues to run in he background and completes successfully.

-------------------------------------------------------------------------------------------------------------------------------------

Playbook contents

hosts: all
connection: httpapi
tasks:
- name: save configuration
  check_point.mgmt.cp_mgmt_run_script:
  script_name: "save configuration"
  script: /usr/tmp/scripts/backup/gateway-save-configuration.sh
  targets:
  - "target-01"

-------------------------------------------------------------------------------------------------------------------------------------

Task output when run at command line with -vvv verbosity

TASK [save configuration] **************************************************************************************************************************************************************************************************************
task path: /var/lib/awx/projects/checkpoint/gaia_save_configuration.yml:5
<10.1.2.51> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.1.2.51> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-125848VSLTgw"&& mkdir "echo /root/.ansible/tmp/ansible-local-125848VSLTgw/ansible-tmp-1622157921.29-125969-16013906004820" && echo ansible-tmp-1622157921.29-125969-16013906004820="echo /root/.ansible/tmp/ansible-local-125848VSLTgw/ansible-tmp-1622157921.29-125969-16013906004820" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py
<10.1.2.51> PUT /root/.ansible/tmp/ansible-local-125848VSLTgw/tmpjqE3Hq TO /root/.ansible/tmp/ansible-local-125848VSLTgw/ansible-tmp-1622157921.29-125969-16013906004820/AnsiballZ_cp_mgmt_run_script.py
<10.1.2.51> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-125848VSLTgw/ansible-tmp-1622157921.29-125969-16013906004820/ /root/.ansible/tmp/ansible-local-125848VSLTgw/ansible-tmp-1622157921.29-125969-16013906004820/AnsiballZ_cp_mgmt_run_script.py && sleep 0'
<10.1.2.51> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-125848VSLTgw/ansible-tmp-1622157921.29-125969-16013906004820/AnsiballZ_cp_mgmt_run_script.py && sleep 0'
<10.1.2.51> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-125848VSLTgw/ansible-tmp-1622157921.29-125969-16013906004820/ > /dev/null 2>&1 && sleep 0'
fatal: [10.1.2.51]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"args": null,
"comments": null,
"script": "/usr/tmp/scripts/backup/gateway-save-configuration.sh",
"script_name": "save configuration",
"targets": [
"target-01"
],
"version": null,
"wait_for_task": true,
"wait_for_task_timeout": 30
}
},
"msg": "Task target-01- save configuration with task id 14cca0a8-81d4-4488-b44c-3340e38c6fd2 failed. Look at the logs for more details"
}

PLAY RECAP *****************************************************************************************************************************************************************************************************************************
10.1.2.51 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

PhoneBoy · ‎2021-05-28

Your potential answer is in the behavior you describe: explicitly run the task in the background (e.g. with nohup or similar).
You won’t be able to monitor the results of the script via Ansible or the API, but the call won’t fail either.

Simon_Macpherso · ‎2021-05-29

How can a task be run in the background?

If i cant monitor the task directly it wont matter in this instance. My script outputs a log file which I can monitor.

Using the async parameter with poll = 0 doesn't work. The job doesn't start even though stdout reports the job as started.

Using the ignore_errors parameter doesn't work as the job still shows as failed in the smart console recent task list, which I want to avoid.

Again I've had to split the playbook out in to multiple tasks.

PhoneBoy · ‎2021-05-30

As I suggested: using nohup.
More precisely, invoke whatever script has your commands with nohup (e.g. /usr/bin/nohup /home/admin/whateverscript.sh)
This will run the script in the background and pipe output to nohup.out.

Simon_Macpherso · ‎2021-05-31

using nohup doesn't work

ive used nohup <command> & to launch the bash script in the background

the inherent limitation in the run script API endpoint persists.

Are you a member of CheckMates?

cp_mgmt_run_script module 5 minute runtime timeout