Hi all,

I'm using the tutorial playbook on the Check Point Github page and I want to make a playbook where I can create host objects and a network group object based on an input file.

The goal is to use/create n number of hosts and add that n number of hosts to a network group objects based on an inputfile dat is dynamically generated by another script.

For this I'm trying to use the with_items statement in Ansible but I get the error:

TASK [set group] *******************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "The task includes an option with an undefined variable. The error was: 'item' is undefined\n\nThe error appears to have been in '/root/workspace/ansible/cp/cp_add_host_to_existing_group-playbook.yml': line 27, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n # the login command is used here to run 'add-host'\n - name: \"set group\"\n ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'item' is undefined"}

This is how my playbook looks like

---- hosts: "localhost" # Note #2 in the Description section vars_files: - varhosts.yml tasks: - name: "login" # You have to login to the management # server before running any commands check_point_mgmt: command: login parameters: username: "{{mgmt_user}}" # Variables set in /etc/ansible/hosts, to avoid needing password: "{{mgmt_password}}" # to type your login details in every playbook. management: "{{mgmt_server}}" domain: "{{mgmt_domain}}" fingerprint: "XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX" register: login_response # Register the output from the login # command so we can use it later to run commands. - name: "add host" check_point_mgmt: command: add-host # Name of the command parameters: # The parameters for it, in dictionary form name: "{{item.host_name}}" ipv4-address: "{{item.ipv4_address}}" session-data: "{{ login_response }}" # The session data we received from with_items: "{{host_table}}" # the login command is used here to run 'add-host' - name: "set group" check_point_mgmt: command: set-group parameters: name: "{{group_name}}" members: - "{{item.host_name}}" with_items: "{{host_table}}" session-data: "{{ login_response }}" - name: "publish" # Publishing is important if you want # your changes to be saved. check_point_mgmt: # This will actually 'discard' when # check mode is enabled (ansible-playbook -C) # unless you add 'always_run: yes' to the task. command: publish session-data: "{{login_response}}" - name: logout check_point_mgmt: command: logout session-data: '{{login_response}}'‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I also tried this:

- name: "set group" check_point_mgmt: command: set-group parameters:  name: "{{group_name}}"  members:   - "{{item.host_name}}"  session-data: "{{ login_response }}"‍‍‍‍‍‍‍‍‍ with_items: "{{host_table}}"‍‍‍‍‍‍‍‍‍

add with_items on the end of the group, but in that case only 1 (the last) host object is added to the network group object.

Somebody who can help me with this? I'm an Ansible fresher so any help is welcome!

Thanks