mervin16
Participant

Ansible Connection Error


Hi,

 

I am trying to create a network in my Checkpoint SMS R80.40 using Ansible, but I am getting a Connection Error.

The full error is:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 500
fatal: [ckp_sms_ngen]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-local-304lwzdpy_j/ansible-tmp-1604762020.3755455-406-100633197970042/AnsiballZ_cp_mgmt_network.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_network', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib/python2.7/runpy.py\", line 188, in run_module\n    fname, loader, pkg_name)\n  File \"/usr/lib/python2.7/runpy.py\", line 82, in _run_module_code\n    mod_name, mod_fname, mod_loader, pkg_name)\n  File \"/usr/lib/python2.7/runpy.py\", line 72, in _run_code\n    exec code in run_globals\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py\", line 225, in <module>\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py\", line 220, in main\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 265, in api_call\n  File 
\"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 65, in send_request\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_network_payload_EPDDSc/ansible_check_point.mgmt.cp_mgmt_network_payload.zip/ansible/module_utils/connection.py\", line 195, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 500\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

 

My Playbook is as such:

---
- name: playbook name
  hosts: firewalls_checkpoint
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_mgmt_network:
        name: "network name"
        subnet: "4.1.76.0"
        mask_length: 24
        auto_publish_session: true

      vars:
        ansible_checkpoint_domain: "SMC User"

 

My Hosts file:

#This is a group of remote servers for Checkpoint SMS
[firewalls_checkpoint]
ckp_sms_ngen

#These are global variables for the group firewalls
[firewalls_checkpoint:vars]
ansible_user=admin
ansible_password=*****
ansible_network_os=check_point.mgmt.checkpoint
ansible_httpapi_use_ssl=yes
ansible_httpapi_validate_certs=no
ansible_python_interpreter=/usr/bin/python2.7

 

The Checkpoint version I am using is:

This is Check Point Security Management Server R80.40 - Build 150
This is Check Point's software version R80.40 - Build 685

I tried sending requests via POSTMAN and it works fine.

Can someone please help me?

 

0 Kudos

Accepted Solutions
Jim_Oqvist
Employee

Hi Mervin,

What I assume is that you have mapped ckp_sms_ngen to an IP address in /etc/hosts.
I noticed that when doing so, this causes the Ansible httpapi connection plugin to send "X-Forwarded-Host=[]" in the HTTP header, which in turn causes the server to respond with:

Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Sat, 07 Nov 2020 21:00:13 GMT]}
Payload: {
"code" : "generic_err_missing_required_header",
"message" : "Invalid header: [X-Forwarded-Host]"
}

While Ansible should send X-Forwarded-Host=[X.X.X.X:443].

 

You can work around this by adding "ansible_host" to your /etc/ansible/hosts file.

[firewalls_checkpoint]
ckp_sms_ngen ansible_host=192.168.233.71

 

I am not sure if the problem is on the Ansible core side or our collection, but I will report this to our developers so they can work with Red Hat on that.

Kind Regards
Jim

mervin16
Participant

Thank you so much for helping me. This worked. 

Thank you for checking this issue with Red Hat 🙂

0 Kudos
Jim_Oqvist
Employee

To update, this only seems to happen when using an underscore "_" in the hostname; using a dash "-" works fine.

PLAY RECAP *************************************************************************************************
chkp-mgmt                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
chkp_sms                   : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
0 Kudos
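
A pre-flight check for the condition described in this thread, as an added example that is not part of the original posts or of the Check Point collection: it scans an INI-format inventory for host names that contain an underscore and have no inline ansible_host. The sample inventory, the 192.0.2.10 address and the function names are constructed for illustration; variables set in host_vars files or group sections are not considered.

```python
import re
import shlex

# Constructed sample inventory, modelled on the hosts file quoted in the thread.
SAMPLE_INVENTORY = """\
#This is a group of remote servers for Checkpoint SMS
[firewalls_checkpoint]
ckp_sms_ngen
chkp_sms ansible_host=192.0.2.10
chkp-mgmt

[firewalls_checkpoint:vars]
ansible_user=admin
ansible_network_os=check_point.mgmt.checkpoint
"""

# Matches [group], [group:vars] and [group:children] headers.
SECTION = re.compile(r"^\[([^\]:]+)(?::(\w+))?\]$")


def parse_hosts(text):
    """Return {host: {var: value}} for the host lines of an INI inventory."""
    hosts = {}
    in_host_section = True  # lines before any [section] are ungrouped hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = SECTION.match(line)
        if header:
            # Only plain [group] sections list hosts.
            in_host_section = header.group(2) is None
            continue
        if in_host_section:
            name, *pairs = shlex.split(line)
            inline_vars = dict(p.split("=", 1) for p in pairs if "=" in p)
            hosts.setdefault(name, {}).update(inline_vars)
    return hosts


def risky_hosts(text):
    """Hosts with '_' in the inventory name and no explicit ansible_host."""
    return sorted(
        name for name, inline_vars in parse_hosts(text).items()
        if "_" in name and "ansible_host" not in inline_vars
    )


if __name__ == "__main__":
    for name in risky_hosts(SAMPLE_INVENTORY):
        print(f"{name}: underscore in name, add ansible_host=<address>")
```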