Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CCDDCM_Network_
Explorer

Ansible Playbook with checkpoint, facing errors

Hi,  

Want to implement automation in our environment, so i have implementing scripts.

I am new to Ansible Playbook, 
below is the my simple Ansible script. 

- hosts:  172.31.37.222
vars_files:
 - vars.yml
connection: httpapi

tasks:

- name: Create host object
   cp_mgmt_host:
       name: prod_host
       ip_address: 192.168.1.1
       color: blue

Below is my vars.yml 

---
ansible_network_os: checkpoint
mgmt_user: admin
mgmt_password: password@1234
mgmt_server: 172.31.37.222
mgmt_fingerprint: BEAK ROWE CRAB SANE COOL CLOD TIP SILK WAYS HOLD AJAR GOLF
policy_name: Standard

 

I am getting below error

TASK [Create host object] **********************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'
fatal: [172.31.37.222]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-local-2020txphrfve/ansible-tmp-1589191649.730437-2075-182082441282010/AnsiballZ_cp_mgmt_host.py\", line 102, in <module>\n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-local-2020txphrfve/ansible-tmp-1589191649.730437-2075-182082441282010/AnsiballZ_cp_mgmt_host.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-local-2020txphrfve/ansible-tmp-1589191649.730437-2075-182082441282010/AnsiballZ_cp_mgmt_host.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_cp_mgmt_host_payload_uo74bntw/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 333, in <module>\n File \"/tmp/ansible_cp_mgmt_host_payload_uo74bntw/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 328, in main\n File \"/tmp/ansible_cp_mgmt_host_payload_uo74bntw/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 201, in api_call\n File \"/tmp/ansible_cp_mgmt_host_payload_uo74bntw/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *************************************************************************************************************************************************************************************
172.31.37.222 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

 

Please let me know if you need any other details.

Kindly suggest me a solution. 

Best Regards, 

Shyam

0 Kudos
9 Replies
_Val_
Admin
Admin

Check if the API is enabled on your management, and Ansible server is in the GUI clients list. make sure you use Ansible 2.9 with the latest modules.

If still failing, run playbook with -dddd flag to ensure it is not a connectivity problem.

0 Kudos
CCDDCM_Network_
Explorer

Hi, 

Thank you for your replay. 

 

API is enabled on Management for all IP's. 

I am using ansible 2.9 +
kindly let me know, how to install module on my ansible server and how to check modules.

I have tested, it is not a connectivity problem between Ansible Server and Management.

 

Thanks In Advance !

Best Regards, 

Shyam

0 Kudos
IdentityUnknown
Participant

You have to use the appropriate attributes for the httpapi plugin:

https://docs.ansible.com/ansible/latest/plugins/connection/httpapi.html

 

E.g.:

 

ansible_user: admin
ansible_password: password@1234
ansible_network_os: checkpoint
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no

 

 

0 Kudos
CCDDCM_Network_
Explorer

Hi 

 

I have used appropriate attributes, please find the below full error message which is i am getting. 

 

TASK [Create host object] **********************************************************************************************************************************************************************
task path: /etc/ansible/cp-tes.yml:7
<172.31.37.222> ESTABLISH LOCAL CONNECTION FOR USER: root
<172.31.37.222> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-1540p8hj6toz `"&& mkdir /root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871 && echo ansible-tmp-1589207536.623636-1595-254398751069871="` echo /root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/network/check_point/cp_mgmt_host.py
<172.31.37.222> PUT /root/.ansible/tmp/ansible-local-1540p8hj6toz/tmp7h7gg62s TO /root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py
<172.31.37.222> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/ /root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py && sleep 0'
<172.31.37.222> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py && sleep 0'
<172.31.37.222> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py", line 102, in <module>
_ansiballz_main()
File "/root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host', init_globals=None, run_name='__main__', alter_sys=True)
File "/usr/lib64/python3.6/runpy.py", line 205, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code
mod_name, mod_spec, pkg_name, script_name)
File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py", line 333, in <module>
File "/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py", line 328, in main
File "/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py", line 201, in api_call
File "/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
ansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'
fatal: [172.31.37.222]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py\", line 102, in <module>\n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-local-1540p8hj6toz/ansible-tmp-1589207536.623636-1595-254398751069871/AnsiballZ_cp_mgmt_host.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 333, in <module>\n File \"/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 328, in main\n File \"/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 201, in api_call\n File \"/tmp/ansible_cp_mgmt_host_payload_iey_wfae/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}

 

Thanks In Advance !

 

Best Regards, 

Shyam

0 Kudos
IdentityUnknown
Participant

Error message sounds like sk114661

 

Which Check Point version / which Jumbo?

0 Kudos
CCDDCM_Network_
Explorer

Hi, 

 

When i running a playbook script for R80.40, the script is running without error but the host is not creating on management server. 

Playbook Script

- hosts: "172.31.35.106"
   vars_files:
       - vars.yml
   connection: httpapi

   tasks:
   - name: Create host object
      cp_mgmt_host:
          name: prod_host
          ip_address: 192.168.1.1
          color: blue

Below is Vars file: 

---
ansible_network_os: checkpoint
mgmt_user: admin
mgmt_password: passwod12$#
mgmt_server: 172.31.35.106
mgmt_fingerprint: DANE RUNG GRIN GLEE ECHO LAND REEL DEAD HUM LEO GERM AUTO
policy_name: Standard
ansible_httpapi_validate_certs: no
ansible_httpapi_use_ssl: yes

i am running playbook using below command

ansible-playbook file_name.yml

Please find the full logs.

TASK [Create host object] **********************************************************************************************************************************************************************
task path: /etc/ansible/cp-tes.yml:7
<172.31.35.106> ESTABLISH LOCAL CONNECTION FOR USER: root
<172.31.35.106> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-1681qxco2c0d `"&& mkdir /root/.ansible/tmp/ansible-local-1681qxco2c0d/ansible-tmp-1589294878.1862984-1736-201143778510016 && echo ansible-tmp-1589294878.1862984-1736-201143778510016="` echo /root/.ansible/tmp/ansible-local-1681qxco2c0d/ansible-tmp-1589294878.1862984-1736-201143778510016 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/network/check_point/cp_mgmt_host.py
<172.31.35.106> PUT /root/.ansible/tmp/ansible-local-1681qxco2c0d/tmpy7ufmo7m TO /root/.ansible/tmp/ansible-local-1681qxco2c0d/ansible-tmp-1589294878.1862984-1736-201143778510016/AnsiballZ_cp_mgmt_host.py
<172.31.35.106> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-1681qxco2c0d/ansible-tmp-1589294878.1862984-1736-201143778510016/ /root/.ansible/tmp/ansible-local-1681qxco2c0d/ansible-tmp-1589294878.1862984-1736-201143778510016/AnsiballZ_cp_mgmt_host.py && sleep 0'
<172.31.35.106> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-local-1681qxco2c0d/ansible-tmp-1589294878.1862984-1736-201143778510016/AnsiballZ_cp_mgmt_host.py && sleep 0'
<172.31.35.106> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-1681qxco2c0d/ansible-tmp-1589294878.1862984-1736-201143778510016/ > /dev/null 2>&1 && sleep 0'
changed: [172.31.35.106] => {
"changed": true,
"checkpoint_session_uid": "76909390-fefa-4afe-9041-9c6d491e269c",
"host": {
"color": "blue",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "192.168.1.1",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-12T20:17+0530",
"posix": 1589294879039
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-12T20:17+0530",
"posix": 1589294879039
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "prod_host",
"nat-settings": {
"auto-rule": false
},
"read-only": true,
"tags": [],
"type": "host",
"uid": "6d0fe570-550d-4f93-9bce-5f74d6772359"
},
"invocation": {
"module_args": {
"auto_publish_session": null,
"color": "blue",
"comments": null,
"details_level": null,
"groups": null,
"host_servers": null,
"ignore_errors": null,
"ignore_warnings": null,
"interfaces": null,
"ip_address": "192.168.1.1",
"ipv4_address": null,
"ipv6_address": null,
"name": "prod_host",
"nat_settings": null,
"state": "present",
"tags": null,
"version": null,
"wait_for_task": true
}
}
}
META: ran handlers
META: ran handlers

PLAY RECAP *************************************************************************************************************************************************************************************
172.31.35.106 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

 

Kindly suggest me, what to do. 

Best Regards, 

Shyam

0 Kudos
_Val_
Admin
Admin

Did you forget to publish?

0 Kudos
CCDDCM_Network_
Explorer

Hi , 

Thank you for your replay.

how do i add rule section using Ansible playbook, i am using below checkpoint module.

cp_mgmt_*

as per the official Ansible checkpoint documentation, not mentioned how to add section.

 

Kindly suggest me a solution. 

Thanks In Advance ! 

 

Best Regards, 

Shyam

0 Kudos
IdentityUnknown
Participant

You are able to use "access sections" since galaxy collection version 1.0.5

https://community.checkpoint.com/t5/Ansible/New-version-of-Ansible-collection-1-0-5/m-p/84235/highli...

 

To be honest if you wanna do rulebase automation you won't need access sections. It will be much more complicated to handle your automation.

 

 

0 Kudos