Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hugo_vd_Kooij
Advisor

Adding and removing in Ansible

Hi,

I find that nsible gives me a bit of a headache. I can add objects without a problem by using "state: present" but if I set all objects to "state: absent" I run into dependency issue.

My current playbook I am testing with is:

---
- name: Create Objects
  hosts: cpmgmt
  connection: httpapi
  tasks:
  - name: Subnet NET-TEST-1
    check_point.mgmt.cp_mgmt_network:
      name: "NET-TEST-1"
      subnet: "192.168.1.0" 
      mask_length: 24
      color: red
      state: present

  - name: Subnet NET-TEST-2
    check_point.mgmt.cp_mgmt_network:
      name: "NET-TEST-2"
      subnet: "192.168.2.0"
      mask_length: 24
      color: purple
      state: present
  - name: Subnet NET-TEST-3
    check_point.mgmt.cp_mgmt_network:
      name: "NET-TEST-3"
      subnet: "192.168.3.0"
      mask_length: 24
      color: blue
      state: present

  - name: Group GRP-NET-TEST
     cp_mgmt_group:
      name: GRP-NET-TEST
      members:
      - NET-TEST-1
      - NET-TEST-2
      - NET-TEST-3
      color: dark gold
      state: present

  - name: Publish
    check_point.mgmt.cp_mgmt_publish:

 

So somehow you also need to change the order of the tasks if you want to delete objects. And that would defeat the purpose of ansible in my view.

So how do other handle playbooks like this?

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
2 Replies
PhoneBoy
Admin
Admin

Tagging @Or_Soffer in case he has some feedback around this.

Part of the issue here is making sure we don't undo changes made by humans.
Which is why removing, say, a group that previously existed before Ansible was in use is not something we allow.
However, this seems like a pretty clear-cut case where Ansible is creating/removing all the relevant objects, so it...should work.

0 Kudos
Jim_Oqvist
Employee
Employee

Hi Hugo,

You can use the parameter
ignore_warnings: true
ansible-collections-check-point-mgmt-cp-mgmt-host-module 
2020-10-02_08-54-47.png

This will ignore any warnings when deleting an object and publish the change, for example deleting a host that is used in a group like in your situation.

Due to an issue, this this parameter is not honored in the current module.
R&D have found the root cause and this will be fixed in the next version of the collection.

Remember to always use the latest updated collection available here:
https://galaxy.ansible.com/check_point/mgmt

You can find information about the updates in the different releases of the collection here:
https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/releases

Kind Regards
Jim

0 Kudos
Upcoming Events

    CheckMates Events