ukohae
Contributor

Ansible - How to check if a group exists. If it exists, then create Host Objects to that group

How do I check if a Group Exists in a domain using Ansible, and if it exists add a host to the group, if it doesn't exist, create a new group and then add a host to that Group.
 
playbook.yml

---
- hosts: check_point
  connection: httpapi
  gather_facts: False
  vars_files:
    - 'my_var.yml'
    - 'login.yml'

  tasks:
  - name: add-host-if-group-exist
    check_point.mgmt.cp_mgmt_host:
      name: Host1
      ip_address: 10.1.2.3
      comments: 'FWP'
      state: present
      groups: groupTest
      auto_publish_session: yes
    delegate_to: Global

  - name: add-group-if-group-doesn't exist-and-create-host
    check_point.mgmt.cp_mgmt_host:
      name: groupTest
      state: present
      members: Host1
      auto_publish_session: yes
    delegate_to: Global

# let's check if the group exists, if it doesn't create a new group and add a host. If a group exists add new host to that group

0 Kudos
6 Replies
PhoneBoy
Admin

I'm by no means an expert in Ansible.
But I assume you could execute check_point.mgmt.cp_mgmt_group_facts and either add to the existing group or create the group based on the result.
Tagging @Or_Soffer in case he has a more precise idea.

0 Kudos
ukohae
Contributor

Hi, can I get a working code example?

0 Kudos
PhoneBoy
Admin

Seems like you'd use fail in the playbook.
But you should check the group first, then create the host object.
My guess is you'd have a task like the following before your create host task:

   - name: check-if-group-exists-if-not-create
     check_point.mgmt.cp_mgmt_group_facts:
       name: groupTest
   - fail:
       check_point.mgmt.cp_mgmt_host:
         name: groupTest
         state: present
         members: Host1
         auto_publish_session: yes
       delegate_to: Global

However: I have not tested this.

0 Kudos
ukohae
Contributor

I ran the sample code. I get a console error message

 

---
- name: Global Objects
  hosts: Global
  connection: httpapi
  gather_facts: False
  vars_files:
    - 'credentials/my_var.yml'
    - 'credentials/login.yml'

  tasks:
  - name: check-if-group-exists-if-not-create
    check_point.mgmt.cp_mgmt_group_facts:
      name: gTest1A

  - name: fail
    fail:
      check_point.mgmt.cp_mgmt_host:
        name: Host1
        state: present
        #members: Host1
        auto_publish_session: yes
      #delegate_to: Global

 

 

Error Message

TASK [fail] ********************************************************************************************************************************************************************************
fatal: [Global]: FAILED! => {"changed": false, "msg": "Invalid options for fail: check_point.mgmt.cp_mgmt_host"}

 

@PhoneBoy @Jonas_Rosenboom

0 Kudos
PhoneBoy
Admin

The fail should be associated with checking the existence of the group, which it's not in your code sample.

0 Kudos
Jonas_Rosenboom
Employee

If you can't use Ansible according to its philosophy due to your environment, it might be easier to find a better tool for the job.

via https://www.ansible.com/blog/ansible-best-practices-essentials

> Ansible is a desired state engine by design. If you’re trying to “write code” in your plays and roles, you’re setting yourself up for failure. Our YAML-based playbooks were never meant to be for programming.

Check out our Check Point API Python Development Kit and API documentation instead. A short Python script might cover all your cases and give you quick results.

0 Kudos
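
The desired-state approach quoted in the last reply, written out as an added example that is not from any participant in this thread: declaring the group with `state: present` creates it when missing and leaves it unchanged when it exists, so no explicit existence check or `fail` task is needed. The play header, object names and IP address are reused from the posts above; the task names and the `group_result` variable are assumptions made for illustration.

```yaml
---
# Added example, not code from the thread.
- name: Ensure groupTest exists and Host1 is a member
  hosts: Global                 # inventory host name as used in the thread
  connection: httpapi
  gather_facts: False
  vars_files:
    - 'credentials/my_var.yml'
    - 'credentials/login.yml'

  tasks:
    # Idempotent: creates the group if it does not exist, reports "ok"
    # with changed=false if it already does. No members are passed, so
    # an existing group's membership is not part of the declared state.
    - name: ensure-group-exists
      check_point.mgmt.cp_mgmt_group:
        name: groupTest
        state: present
        auto_publish_session: yes
      register: group_result    # hypothetical variable name

    # Runs after the group task, so the group referenced here is
    # guaranteed to exist whether it was just created or not.
    - name: ensure-host-exists-in-group
      check_point.mgmt.cp_mgmt_host:
        name: Host1
        ip_address: 10.1.2.3
        comments: 'FWP'
        groups:
          - groupTest
        state: present
        auto_publish_session: yes

    # Optional: shows which branch was taken, using the registered result.
    - name: report-whether-group-was-created
      ansible.builtin.debug:
        msg: "groupTest was {{ 'created' if group_result.changed else 'already present' }}"
```

Running the play a second time should report no changes for either object, which is a quick check that both tasks are idempotent in your environment.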