Cegeka_Networki
Explorer

Ansible - getting info from multiple domains from provider

 

Hello all

I'm facing the following issue and I can't seem to find a way to fix it.

I'm trying to get an overview of all VPNs created on our Check Point platform.

I'm doing this by executing the following task in my playbook on 2 hosts in my inventory:

 

Task:

- name: show-vpn-communities-star on chosen firewall
  cp_mgmt_vpn_community_star_facts:
    details_level: full
  register: existing_star_vpns_on_fw

 

Inventory:

Aveve ansible_host=10.248.0.254 ansible_checkpoint_domain=Aveve
Renewi ansible_host=10.248.0.254 ansible_checkpoint_domain=Renewi

 

Running this playbook from AWX and debugging the registered variable: existing_star_vpns_on_fw gives me the same output twice (once for each host it was run on):

 

 

TASK [show-vpn-communities-star on chosen firewall] ****************************
ok: [Aveve]
[


ok: [Renewi]
[

TASK [debug] *******************************************************************
ok: [Aveve] =>
"msg": "VPN name: S2S-CI00060823-Actemium, peer ip: x.x.x.x"
}
[


ok: [Aveve] =>
"msg": "VPN name: test-vpn, peer ip: 1.1.1.1"
}
[
ok: [Renewi] =>
"msg": "VPN name: S2S-CI00060823-Actemium, peer ip: x.x.x.x"
}
[

ok: [Renewi] =>
"msg": "VPN name: test-vpn, peer ip: 1.1.1.1"
}
[

 

The output I'm getting is only the VPNs on Aveve. It almost seems that Ansible can't handle registered variables on multiple domains on 1 Ansible host: 10.248.0.254. Does anyone have an idea how to prevent this?
Executing the same playbook on just 1 domain works perfectly.

 

Complete playbook:

 

- name: Check vpn's on Check Point platform
  connection: httpapi
  hosts: Aveve,Renewi
  gather_facts: no

  tasks:

    - name: Setting password for NSAutomation user as fact
      set_fact:
        ansible_password: "{{ NSAutomation_pass }}"

    - name: show-vpn-communities-star on chosen firewall
      cp_mgmt_vpn_community_star_facts:
        details_level: full
      register: existing_star_vpns_on_fw

    - debug:
        msg: "VPN name: {{ item.name }}, peer ip: {{ item['satellite-gateways'][0]['ipv4-address'] }}"
      loop: "{{ existing_star_vpns_on_fw.ansible_facts['vpn-communities-star'].objects }}"

 

0 Kudos
4 Replies
PhoneBoy
Admin

I assume you're talking about a Multi-Domain environment here.
Shouldn't you use the CMA IP for each domain here?
Cegeka_Networki
Explorer

I indeed decided to send my requests to the CMAs directly rather than the provider, seeing as a register task is always saved on the host IP.
0 Kudos
PhoneBoy
Admin

You list the same IP for both domains...so I'm confused.
0 Kudos
IdentityUnknown
Participant

Hi,

Normally you would run your playbook in an MDM scenario against your mgmt-ip and the domain will be a variable.

- name: Check vpn's on Check Point platform
  connection: httpapi
  hosts: MGMT-IP
  gather_facts: no
  vars:
    ansible_checkpoint_domain: "Domain 1"

 

I think you have to use the module cp_mgmt_mds_facts to get all domains and create a list of domains to loop your task through all domains (https://docs.ansible.com/ansible/latest/modules/cp_mgmt_mds_facts_module.html#cp-mgmt-mds-facts-modu...)

 

 

0 Kudos
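
A pre-flight check for the inventory pattern in this thread, where two aliases share one ansible_host but set different ansible_checkpoint_domain values and both returned the same domain's VPNs. This is an added example, not code from any poster or from Check Point; the function names are hypothetical, the "fixed" addresses are constructed placeholders, and only INI-style host lines are handled.

```python
import shlex
from collections import defaultdict

# The two inventory lines from the question, embedded as sample input.
SAMPLE_INVENTORY = """\
Aveve ansible_host=10.248.0.254 ansible_checkpoint_domain=Aveve
Renewi ansible_host=10.248.0.254 ansible_checkpoint_domain=Renewi
"""

# Constructed variant: one address per domain (placeholder documentation IPs).
FIXED_INVENTORY = """\
Aveve ansible_host=192.0.2.11 ansible_checkpoint_domain=Aveve
Renewi ansible_host=192.0.2.12 ansible_checkpoint_domain=Renewi
"""


def parse_inventory(text):
    """Parse INI-style inventory host lines into {alias: {var: value}}."""
    hosts, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith((":vars", ":children")):
            continue  # group variables and child groups are not host lines
        alias, *pairs = shlex.split(line)  # shlex keeps quoted values whole
        hosts.setdefault(alias, {}).update(
            p.split("=", 1) for p in pairs if "=" in p)
    return hosts


def shared_endpoint_domains(hosts):
    """Return {ansible_host: {alias: domain}} for every address that is
    reached by several aliases carrying different domain values."""
    by_endpoint = defaultdict(dict)
    for alias, hostvars in hosts.items():
        endpoint = hostvars.get("ansible_host", alias)
        by_endpoint[endpoint][alias] = hostvars.get("ansible_checkpoint_domain")
    return {ep: aliases for ep, aliases in by_endpoint.items()
            if len(set(aliases.values())) > 1}


if __name__ == "__main__":
    for endpoint, aliases in shared_endpoint_domains(
            parse_inventory(SAMPLE_INVENTORY)).items():
        print(f"{endpoint} is shared by domains: {aliases}")
```
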