Kim_Moberg
Advisor

CME Custom Gateway Script fails when resetting the RADIUS settings while redeploying script against

Hi

We have been using CP CME for a couple of years and I have been looking into what can be done smarter.

When we make changes to autoprovision.json via cmd autoprov-cfg, it triggers an update/redeployment on the CloudGuards in our VMSS Scale Sets.

For example, an update/redeployment could be to add new log servers; it will also trigger running the attached custom gateway script.

With the custom gateway script we might be setting a banner for compliance purposes, or time servers, DNS, etc.

What we have also added is RADIUS authentication, and that is where the problem happens.

When the script runs on the running VMSS Scale Sets CloudGuards, the RADIUS breaks the run-script.

The error is:

WARNING Please make sure you do not configure the same user names on this RADIUS server and locally
WARNING Please make sure you do not configure the same user names on this RADIUS server and locally
  GAIA0101  Host already exist

The error exceptions are shown in the output below.

################################ output from cme.log ######################################


2024-05-01 13:59:56,774 CME_SERVICE INFO Running script: "/bin/cg-azsea-script.sh " on target: SEATST


2024-05-01 14:00:07,043 CME_SERVICE INFO Resetting gateway SEATST
2024-05-01 14:00:07,121 CME_SERVICE INFO Deleting objects for gateway: SEATST-
2024-05-01 14:00:07,121 CME_SERVICE INFO Deleting objects with Policy Destructor Network Group
2024-05-01 14:00:11,445 CME_SERVICE INFO Gateway instance SEATST was removed successfully from CME_SEATST network group
2024-05-01 14:00:11,446 CME_SERVICE ERROR Failed to provision the Security Gateway instance SEATST
2024-05-01 14:00:11,462 CME_SERVICE ERROR Error traceback: Traceback (most recent call last):
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 1124, in run_post_customize instance.name)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 1066, in run_custom_gateway_script put_file_dict=put_file_dict)
File "/opt/CPcme/cp_handlers/mgmt_handler.py", line 275, in run_script
response = self(CPMCommand.RUN_SCRIPT, body).get(
File "/opt/CPcme/cp_handlers/mgmt_handler.py", line 178, in __call__
silent=silent)
File "/opt/CPcme/cp_handlers/mgmt_api_handler.py", line 245, in __call__
CMEExceptionCodes.MGMT_API, command=command)
cme_exceptions.cme_exceptions.ManagementApiException: Error Code: Management API error

API call failed with command: run-script
Payload: {'script-name': '/bin/cg-azsea-script.sh ', 'script': '/bin/cg-azsea-script.sh ', 'targets': ['SEATST']}
Error details: WARNING Please make sure you do not configure the same user names on this RADIUS server and locally, WARNING Please make sure you do not configure the same user name
s on this RA...

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/CPcme/service/cme_service.py", line 533, in sync
is_setup_gw_succeed = management.autoprovision_handler.set_gateway(instance, gw, auto_hf)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 1473, in set_gateway
self.provision_gateway(instance, gw, auto_hf, gw_tags, simple_gateway)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 2857, in provision_gateway
self.run_post_customize(instance=instance, gw=gw, gw_tags=gw_tags)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 1133, in run_post_customize
raise Exception(f'post-customize gateway failed: {str(e)}')
Exception: post-customize gateway failed: Error Code: Management API error

API call failed with command: run-script
Payload: {'script-name': '/bin/cg-azsea-script.sh ', 'script': '/bin/cg-azsea-script.sh ', 'targets': ['SEATST']}
Error details: WARNING Please make sure you do not configure the same user names on this RADIUS server and locally, WARNING Please make sure you do not configure the same user name
s on this RA...
2024-05-01 14:00:13,499 CME_SERVICE INFO VMSS hub-cldgd-dev-scaleset, is managed by private ip address through eth1

################################ output from cme.log ######################################

 

How can this be solved? I have added the script as an attachment

 

Best Regards
Kim
0 Kudos
2 Replies
Shay_Levin
Admin

Hello Kim, 

Based on my examination of the SR, we suspect the problem lies within the script due to an error in the management API call.

It needs to be verified that the script runs successfully when invoked from the management using mgmt_cli run-script.

 

0 Kudos
Kim_Moberg
Advisor

Hello Shay,

I can also see the mgmt API call generates an error, but I do not run any Mgmt CLI commands via the script itself.

If I run the script directly on the gateway, I do not get the error, other than the standard RADIUS warning.

Basically, my impression is that this is purely error handling of such a condition, and anyone working with CloudGuards and using a custom gateway script might have experienced a similar issue, or am I wrong here?

 

Best Regards
Kim
0 Kudos
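
An added example, not part of the thread and not Check Point code: a small Python triage helper that groups the multi-line traceback in a cme.log excerpt under its timestamped entry and pulls out the failed management API call (command, script, targets, error details). The sample lines are abbreviated from the excerpt in the first post; the function names are hypothetical.

```python
import ast
import re

# Constructed sample: abbreviated lines from the cme.log excerpt in the first post.
SAMPLE = """\
2024-05-01 14:00:11,446 CME_SERVICE ERROR Failed to provision the Security Gateway instance SEATST
2024-05-01 14:00:11,462 CME_SERVICE ERROR Error traceback: Traceback (most recent call last):
cme_exceptions.cme_exceptions.ManagementApiException: Error Code: Management API error

API call failed with command: run-script
Payload: {'script-name': '/bin/cg-azsea-script.sh ', 'script': '/bin/cg-azsea-script.sh ', 'targets': ['SEATST']}
Error details: WARNING Please make sure you do not configure the same user names on this RADIUS server and locally
2024-05-01 14:00:13,499 CME_SERVICE INFO VMSS hub-cldgd-dev-scaleset, is managed by private ip address through eth1
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\S+) (INFO|WARNING|ERROR) (.*)$")

def split_entries(text):
    """Group continuation lines (tracebacks, payloads) under their timestamped entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"ts": m[1], "level": m[3], "lines": [m[4]]})
        elif entries and line.strip():
            entries[-1]["lines"].append(line)
    return entries

def failed_api_calls(text):
    """Return one record per ERROR entry that carries a failed management API call."""
    out = []
    for e in (x for x in split_entries(text) if x["level"] == "ERROR"):
        rec = {"ts": e["ts"]}
        for line in e["lines"]:
            if line.startswith("API call failed with command: "):
                rec["command"] = line.split(": ", 1)[1]
            elif line.startswith("Payload: "):
                try:
                    payload = ast.literal_eval(line[len("Payload: "):])
                except (ValueError, SyntaxError):
                    payload = {}  # payload was truncated in the log
                rec["targets"] = payload.get("targets", [])
                rec["script"] = payload.get("script-name", "").strip()
            elif line.startswith("Error details: "):
                rec["details"] = line[len("Error details: "):]
        if "command" in rec:
            out.append(rec)
    return out
```

Calling `failed_api_calls()` on the text of a cme.log gives one record per failed call, which makes it easy to see which script and target each provisioning failure belongs to.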
