Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Oscar_Medina1
Contributor
Jump to solution

Ansible for creating NAT Rules, Hosts etc. - getting success but objects are not saved!

Hi Everyone,

I am a DevOps practitioner, and currently helping a client automate the provisioning and configuration of CheckPoint firewalls in Azure.

I created an Ansible Playbook with sample tasks to add Host, and NAT Rule, with no errors but somehow, these objects are not saved.  Has anyone run into this?

Playbook Contents

---

- name: "login"
check_point_mgmt:
command: login
parameters:
username: "{{mgmt_user}}"
password: "{{mgmt_password}}"
management: "{{mgmt_server}}"
fingerprint: "{{mgmt_fingerprint}}"
register: login_response


- name: "Get TCP Service"
check_point_mgmt:
command: show-service-tcp
parameters:
name: "DAS-Granite-FaceClient-20003-TCP-443"
session-data: "{{login_response}}"

- name: "publish"
check_point_mgmt:
command: publish
session-data: "{{login_response}}"


Execution output

All tasks succeed. Zero errors!

<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /Users/sharepointoscar/.ansible/tmp/ansible-tmp-1526006124.196667-230724803151205/ > /dev/null 2>&1 && sleep 0'
ok: [127.0.0.1] => {
"changed": false,
"invocation": {
"module_args": {
"command": "logout",
"fingerprint": null,
"parameters": null,
"session-data": "{'failed': False, 'changed': False, 'response': {'url': 'ipredacted:443', 'domain': None, 'sid': '-JkGsmtdamz-UqAG067hXCl1tTFQvUvkfDH9KB1_5P4', 'fingerprint':'redacted"
}
},
"response": {
"message": "OK"
}
}
META: ran handlers
META: ran handlers
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||

127.0.0.1 : ok=7 changed=0 unreachable=0 failed=0

0 Kudos
1 Solution

Accepted Solutions
Oscar_Medina1
Contributor

Thank you Robert Decker‌ . I downloaded and setup that cpAnsible.  I was using an old one.  My environment required for me to specify the ansible interpreter since I have multiple versions of Python.  To do that, I simply added this to the Group VARS as follows:

ansible_python_interpreter: "/usr/local/bin/python2.7"

So two things that helped:

  1. Download and setup the cpAnsible as per Robert Decker‌ suggestion
  2. Ensure that we run Ansible with Python 2.7 as anything in the 3.x will not work.  This is done by specifying it in the group_vars.yml file for a typical ansible project structure.

And that does it, thanks for all of your help Tomer Sole‌ and Robert Decker

This was a weird one Smiley Happy, hope it helps someone.

Cheers,
@SharePointOscar

View solution in original post

4 Replies
Robert_Decker
Advisor

Hi Oscar,

Have you tried using our cpAnsible library on GitHub?

Robert.

Oscar_Medina1
Contributor

Hey Robert Decker‌ . Yes, I essentially grabbed the sample stuff from there and configured my environment accordingly.  

Interesting thing is, PostMan calls with same username/password combination work.  The last call using Postman is "Publish".

I do see the SID and task ID being passed when I execute the Ansible last task of "Publish" as well, and I get a good response...

0 Kudos
Tomer_Sole
Mentor
Mentor

Exactly. Changes are saved, but not published for everyone else to see. https://community.checkpoint.com/thread/5042-using-mgmtcli-without-automatic-publish#comment-5982 

Oscar_Medina1
Contributor

Thank you Robert Decker‌ . I downloaded and setup that cpAnsible.  I was using an old one.  My environment required for me to specify the ansible interpreter since I have multiple versions of Python.  To do that, I simply added this to the Group VARS as follows:

ansible_python_interpreter: "/usr/local/bin/python2.7"

So two things that helped:

  1. Download and setup the cpAnsible as per Robert Decker‌ suggestion
  2. Ensure that we run Ansible with Python 2.7 as anything in the 3.x will not work.  This is done by specifying it in the group_vars.yml file for a typical ansible project structure.

And that does it, thanks for all of your help Tomer Sole‌ and Robert Decker

This was a weird one Smiley Happy, hope it helps someone.

Cheers,
@SharePointOscar

Upcoming Events

    CheckMates Events