cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

no session-name with Ansible playbook

Hello everyone,


I would want to have the session name appear in the audit logs when pushing or publishing changes with the web-services API via Ansible.

Basically, what is done automatically when publishing in SmartConsole (see Capture.PNG).

However, session name is not set when using the session-name parameter in the login command (see Capture2.PNG), and therefore not in the logs neither (Capture3.PNG)

This is the login task I use (I want the session to use the ansible user and date, as well as a change ticket that the user will be prompted for):

- name: login into SmartConsole API
  check_point_mgmt:
    command: login
    parameters:
      username: "{{ cpuser }}"
      password: "{{ cppassword }}"
      management: "{{ cpserver }}"
      session-name: "{{ change_ticket | upper }} - {{ ansible_user_id | lower}} - {{ ansible_date_time.date }}"
    fingerprint: "{{ cpfingerprint }}"
  register: login_response

The session-name parameter is not rejected and the user is correctly logged in. It doesn't seem that the publish command permits to set a session name.

My management station is 80.10 and Ansible is in version 2.7.10.


What am I doing wrong? Or is it some kind of bug? I did not find doc about this outside of

I don't have the issue I use the mgmt_cli tool in expert mode (Capture4.PNG).

 

Any help will be appreciated, thank you in advance.

0 Kudos
4 Replies
Admin
Admin

Re: no session-name with Ansible playbook

Only the login command allows you to set a session-name.
When you do the publish action, you specify the UID of the session.

What is it you specify in the publish part of your playbook?
0 Kudos

Re: no session-name with Ansible playbook

thanks for the confirmation, PhoneBoy!

I publish using the registered login-response from the login command

- name: publish changes
  check_point_mgmt:
    command: publish
    session-data: "{{ login_response }}"

 presumably to use, I thought, the SID of the session (~= --session-id in mgmt_cli command).

But you say I should use the UID? I'll give it try tomorrow, will keep you posted.

 

thanks for the fast answer!

0 Kudos

Re: no session-name with Ansible playbook

hello,

I actually did not try to specify a UID when publishing as I couldn't even see one in the login-response.

I however found a way to get what I wanted: use the set-session command with a new-name parameter after login. This successfully set a Name I could see in the Sessions tab of SmartConsole, as well as a Session Name in the changes and publish audit logs entries.

In summary, the session-name parameter doesn't work with the login command, but set-session one is happy to push the new-name parameter. So now, I use this instead of the single login from my original post:

- name: login into CP WebServices API
  check_point_mgmt:
    command: login
    parameters:
      username: "{{ cpuser }}"
      password: "{{ cppassword }}"
      management: "{{ cpserver }}"
    fingerprint: "{{ cpfingerprint }}"
  register: login_response

- name: set a session-name
  check_point_mgmt:
    command: set-session
    parameters:
      new-name: "{{ change_ticket | upper }} - {{ ansible_user_id | lower}} - {{ ansible_date_time.date}}"
    session-data: "{{ login_response }}"

Thanks for the help, I'll mark this as a solution.

0 Kudos
Admin
Admin

Re: no session-name with Ansible playbook

What version of the API were you trying to do this against?
It might very well be there's a bug when setting the session name on the login action.
0 Kudos