Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
prisciltetchou
Contributor

issue when generating trying to generate a candidate list with CDT

Hello All, 

 

Please I need help to use CDT. 

I installed it on our SMS but I cannot generate a candidate list in basic mode. 

I typed the command: ./CentralDeploymentTool -generate testgen.csv IP_SMS

The only modification I made in the CentralDeploymentTool.xml file is my Email address that I added. 

see below the log: 

Thu Nov 14 10:32:52 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/
Thu Nov 14 10:32:52 2019 *E*: The SendTo setting in the CentralDeploymentTool.xml file is not empty, but an email server is not configured in Gaia. Notification email will not be sent.
Thu Nov 14 10:32:53 2019 *D*: CPUSE RPM build: 1809
Thu Nov 14 10:32:53 2019 *D*: CDT process started (entered init) with these command line arguments:
Thu Nov 14 10:32:53 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/
Thu Nov 14 10:32:53 2019 *D*: Executable directory: /opt/CPcdt/
Thu Nov 14 10:32:53 2019 *D*: 0: ./CentralDeploymentTool
Thu Nov 14 10:32:53 2019 *D*: 1: -generate
Thu Nov 14 10:32:53 2019 *D*: 2: testgen.csv
Thu Nov 14 10:32:53 2019 *D*: 3: 10.224.6.43
Thu Nov 14 10:32:53 2019 *D*: CDT started with these configurations:
Logger file level: 0
Screen file level: 1
Syslog level: 999
DA path: /sysimg/CPwrapper/linux/CPda/CPda-00-00.i386.rpm
Max parallel remote operations: 5
Max machines in batch: -1
Last time to start a new batch: 31/12/2099 23:59
PerformCUUpgrade: 1
Restore original state: 0
Mail address: priscille.tetchou-tchonta@sogeti.com


Thu Nov 14 10:32:53 2019 *A*: Central Deployment Tool (version 1.7 build #990180531)
Thu Nov 14 10:32:53 2019 *A*: ======================================================

Thu Nov 14 10:32:53 2019 *A*: Current execution logs are in: /var/log/CPcdt/logs_2019-11-14-10-32-52/
Thu Nov 14 10:32:53 2019 *D*: The configured time zone is: CET
Thu Nov 14 10:32:53 2019 *D*: 
Command Summary:
Command = /bin/dbget snap:show:current:version
Return code = 0
Output = R80.20


Thu Nov 14 10:32:53 2019 *D*: currentOSVersion=R80.20
Thu Nov 14 10:32:53 2019 *D*: CurrentBuild= 1809 MinimumDaBuildNumber= 1271 MaximumDaBuildNumber= -1
Thu Nov 14 10:32:53 2019 *D*: Starting parse arguments for deployment plan execution mode.
Thu Nov 14 10:32:53 2019 *E*: Enter the deployment plan file path and try again.
Thu Nov 14 10:32:53 2019 *N*: Total execution time: 0 hours 0 minutes 1 seconds
Thu Nov 14 10:32:53 2019 *D*: CDT process ending with return code 108
Thu Nov 14 10:32:53 2019 *D*: Running /sbin/pidof CentralDeploymentTool
Thu Nov 14 10:32:53 2019 *D*: 
Command Summary:
Command = /sbin/pidof CentralDeploymentTool
Return code = 0
Output = 16488


Thu Nov 14 10:32:53 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/

 

Help please!!

0 Kudos
10 Replies
Liat_Cihan
Employee
Employee

Hello prisciltetchou,

Did you add to the XML file the package to install?

for example: <PackageToInstall Path="/home/admin/packages/<pkg name>"  />

0 Kudos
prisciltetchou
Contributor

Hello, 

Thank you for your quick reply. 

I added that line in the file but it does not solve the problem. 

Now it shows this as output of the command:

./CentralDeploymentTool -generate test.csv IP-SMS
Thu Nov 14 14:21:40 2019 *E* [Main]: The SendTo setting in the CentralDeploymentTool.xml file is not empty, but an email server is not configured in Gaia. Notification email will not be sent.
Thu Nov 14 14:21:41 2019 *A* [Main]: Central Deployment Tool (version 1.7 build #990180531)
Thu Nov 14 14:21:41 2019 *A* [Main]: ======================================================

Thu Nov 14 14:21:41 2019 *A* [Main]: Current execution logs are in: /var/log/CPcdt/logs_2019-11-14-14-21-40/
Thu Nov 14 14:21:41 2019 *E* [Main]: Invalid number of arguments.

This is the log related to my action:

Thu Nov 14 14:21:40 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/
Thu Nov 14 14:21:40 2019 *E*: The SendTo setting in the CentralDeploymentTool.xml file is not empty, but an email server is not configured in Gaia. Notification email will not be sent.
Thu Nov 14 14:21:41 2019 *D*: CPUSE RPM build: 1818
Thu Nov 14 14:21:41 2019 *D*: CDT process started (entered init) with these command line arguments:
Thu Nov 14 14:21:41 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/
Thu Nov 14 14:21:41 2019 *D*: Executable directory: /opt/CPcdt/
Thu Nov 14 14:21:41 2019 *D*: 0: ./CentralDeploymentTool
Thu Nov 14 14:21:41 2019 *D*: 1: -generate
Thu Nov 14 14:21:41 2019 *D*: 2: test.csv
Thu Nov 14 14:21:41 2019 *D*: 3: SMS_IP
Thu Nov 14 14:21:41 2019 *D*: CDT started with these configurations:
Logger file level: 0
Screen file level: 1
Syslog level: 999
DA path: /sysimg/CPwrapper/linux/CPda/CPda-00-00.i386.rpm
Max parallel remote operations: 5
Max machines in batch: -1
Last time to start a new batch: 31/12/2099 23:59
PerformCUUpgrade: 1
Restore original state: 0
Mail address: MY_MAIL


Thu Nov 14 14:21:41 2019 *A*: Central Deployment Tool (version 1.7 build #990180531)
Thu Nov 14 14:21:41 2019 *A*: ======================================================

Thu Nov 14 14:21:41 2019 *A*: Current execution logs are in: /var/log/CPcdt/logs_2019-11-14-14-21-40/
Thu Nov 14 14:21:41 2019 *D*: The configured time zone is: CET
Thu Nov 14 14:21:41 2019 *D*: 
Command Summary:
Command = /bin/dbget snap:show:current:version
Return code = 0
Output = R80.20

Thu Nov 14 14:21:41 2019 *D*: currentOSVersion=R80.20
Thu Nov 14 14:21:41 2019 *D*: CurrentBuild= 1818 MinimumDaBuildNumber= 1271 MaximumDaBuildNumber= -1
Thu Nov 14 14:21:41 2019 *D*: Start parsing argument for backward compatibility execution mode.
Thu Nov 14 14:21:41 2019 *E*: Invalid number of arguments.
Thu Nov 14 14:21:41 2019 *N*: Total execution time: 0 hours 0 minutes 1 seconds
Thu Nov 14 14:21:41 2019 *D*: CDT process ending with return code 108
Thu Nov 14 14:21:41 2019 *D*: Running /sbin/pidof CentralDeploymentTool
Thu Nov 14 14:21:41 2019 *D*: 
Command Summary:
Command = /sbin/pidof CentralDeploymentTool
Return code = 0
Output = 27173

Thu Nov 14 14:21:41 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/

 

I thought that as I was in basic mode I did not need to modify the XML file?

0 Kudos
Prov
Explorer

You have to modify the XML in order to specify what package you want to install. In advanced mode you specify the package in the deployment plan xml. When you are using Basic mode you have specify it in CentralDeploymentTool.xml.

Can you attach the XML? It should look something like this , which is basically the default XML with additional "PackageToInstall" element.

Click to Expand

<?xml version="1.0" encoding="UTF-8"?>

<!--
This is the Check Point Central Deployment Tool configuration file.
Refer to the CDT Admin Guide for additional information about configuring and using CDT.
-->

<CentralDeploymentTool>

<PackageToInstall Path="/home/admin/Check_Point_heat_main_T200_R80.30_Gaia_Install_and_Upgrade.tgz" />


<!--

Logging - Used in order to filter the logs saved to files, displayed on the screen or sent to the syslog.
Supported logging levels: DEBUG, NORMAL, ERROR, ALWAYS, NONE
Colors - Should be set to true for displaying log messages in color on the screen.
-->
<Logging FileLevel="DEBUG" ScreenLevel="NORMAL" SyslogLevel="NONE" Colors="false"/>

<!--
Batch - Used in order configure the properties of installation/preparations batches.
MaxMachinesCount - The maximum number of machines to include in a single installation/preparations batch. Set to "UNLIMITED" to include all candidates in the same batch.
LatestAllowedDate and LatestAllowedTime - Date (DD/MM/YYYY) and Time (HH:MM) after which new batches will not be executed by CDT.
-->
<Batch MaxMachinesCount="UNLIMITED" LatestAllowedDate="31/12/2099" LatestAllowedTime="23:59"/>

<!--
MailNotification [optional] - A valid email address for receiving completion and error notifications from CDT.
-->
<MailNotification SendTo="aa@xyz.com"/>

<!--
Repository - Full path to repository directory where CDT should store packages for RMA.
-->
<Repository path="/home/admin/"/>
</CentralDeploymentTool>

 

CDT.PNG

0 Kudos
prisciltetchou
Contributor

Hi All, 

thank you for your help. 

I added the installTo package and I could generate the candidate list.

I typed the command to generate without adding the IP of the SMS, as I have just one SMS, I do not need to precise an IP (right?).

Now I have another problem. 

I edited the generated file by deleting the unneeded firewalls. When I do a "preparations" on the new file, the output shows that all  firewalls were annalysed. the result gives a file "validations.csv" that contains all the firewalls that i deleted from the candidates list. Is it normal? I would like to install the package only on the firewalls that are in the candidates list now.

What can I do please?

 

 

0 Kudos
Prov
Explorer

CDT admin guide https://sc1.checkpoint.com/documents/CDT/v1.7/Content/Topics/Introduction-to-CDT.htm

It has more details about every execution mode and explanation about additional features such as filter file that you might find useful.

 

To your question, you are removing the target incorrectly, to unmark a Security Gateway from a package installation, replace its "upgrade order" number with "-" (minus character). 

 

0 Kudos
prisciltetchou
Contributor

Hello Prov, 

 

Thanks for you intervention. 

I have that link and that is what I am using. 

I did unmark (using the "-" sign) the firewalls on which I do not wish to install the package. But in the preparation phase, I though CDT would have analysed only the marked firewalls, but it seems it prepares all the firewalls (including the unmark ones) managed by the SMS and it generate a "validations.csv" file. Is it normal? 

What is the use of the validations.csv file? 

all the unmark firewalls are in production and I do not want to install the packages on them yet. 

How can I be sure that the package will not be installed on them?

 

0 Kudos
Vadim9
Employee Alumnus
Employee Alumnus

Whenever validations.csv is created it means there is inconsistency between the candidates list you provided to the current state of machines(even the ones you unmarked). It can be version change, Cluster change(Active/Standby) etc.. 
You can see the difference by comparing the validations.csv to the candidates list that was generated during "generate mode".
validations.csv is the current state of machines.

You can trust CDT, CDT will not install it on machines that were unmarked using "-". 

If you have small number of targets I would recommend using "filter file". This way you add the relevant targets to a list, simple txt file,  each target on a new line(For clusters add the cluster and not the member). CDT will run generate and execute only on  these targets and not check the entire DB which will reduce the execution time. 
Unfortunately this feature is only available in advanced mode. If you decide to try the advanced mode don't forget to remove the "packageToInstall" element from the CDT.XML. 

0 Kudos
prisciltetchou
Contributor

Hello Vadim9, 

I did generate a candidate list (candidates.csv) with this command in advance mode: ./CentralDeploymentTool -generate -candidates=candidates.csv -deploymentplan=DepPlan.xml -filter=filter.csv

As you said, it was faster that the normal process, and I got only the firewalls I needed (the ones in "filter.csv file). 

But when I did execute a deployment plan with the command: ./CentralDeploymentTool -execute -candidates=candidates.csv -deploymentplan=DepPlan.xml -filter=filter.csv

I had an this message error: 

 

Thu Nov 21 06:19:05 2019 *N* [xxxfwc0001]: Executing stage - Import Package Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz
Thu Nov 21 06:22:03 2019 *E* [xxxfwc0001]:
************************************************
An error has occurred in stage Import Package Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz of machine xxxfwa0001:

Error code 39 - Package importation failed on the remote machine. Manually import the package to the CPUSE and try again.

Additional Information:
-----------------------

        ************************************************
        DAClient import completed with errors.
        Error code 41 - Error executing a CPUSE operation on a remote machine.
        ************************************************

************************************************

 

the CPUSE build number is 1818 on both the SMS and the remote firewall. 

This is my DepPlan.xml:

<?xml version="1.0" encoding="UTF-8"?>

<!--
        This is an example of a Check Point Central Deployment Tool Deployment Plan file.
        Refer to the CDT SK for additional information about configuring and using CDT:
        <a href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk111158" target="_blank">https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk111158</a>
-->

<CDT_Deployment_Plan>
                <!--
                The plan_settings element contains the name and the description of the deployment plan
                and additional configuration.
                -->
        <plan_settings>
                        <name value="Example deployment plan" />
                        <description value="Example deployment plan provided with CDT" />
                        <update_cpuse value="true" />
                        <connectivityupgrade value="true" />
        </plan_settings>

                <!-- Execute script -->
                <execute_script path="/home/admin/cdt/preScript.sh" iscritical="false" />

                <!-- Remove custom jumbo -->
                <uninstall_cpuse_package filename="R75.46_JUMBO_HF.tgz" />

                <!-- Major R77.30 upgrade -->
                <import_package path="/home/admin/Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz" />
                <install_package path="/home/admin/Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz" />

                <!-- Notifications during execution -->
                <log level="NORMAL" value="Finished installing major upgrade." />
                <send_email to="cdt.admin@checkpoint.com" subject="Major upgrade completed" body="Finished installation of R77.30 major upgrade, preparing to install R77.30 HF2." />

                <!-- Install HF for R77.30 -->
                <import_package path="/home/admin/Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz" />
                <install_package path="/home/admin/Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz" />

                <!-- Get a file from the gateway to /home/admin/ -->
                <pull_file remote_path="/home/admin/file_to_pull.txt" local_dir="/home/admin/" />

</CDT_Deployment_Plan>

Recall that I would like to upgrade the firewall from R77.30 to R80.20.

Please what am I missing? 

0 Kudos
Liat_Cihan
Employee
Employee

We are working with Priscille offline and will update this forum once we will have an update

0 Kudos
Liat_Cihan
Employee
Employee

The problem was due to a corrupted tgz file. Once it was re-downloaded from the User Center the upgrade finished successfully. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events