ukohae
Contributor

Checkpoint using Ansible - Error Message

Hello,

I am trying to use Ansible to communicate with a device on SmartConsole checkpoint. 

Question: How can I effectively communicate (authenticate) with Checkpoint devices?

I am using R80.40

hosts 

-------------------------------------------------------------------------------------------------------------------------------------

[checkpoint]
10.31.30.121

[checkpoint:vars]
ansible_httpapi_validate_certs=False
ansible_httpapi_use_ssl=True
ansible_network_os=checkpoint
policy_name=Standard
mgmt_server=#mgmt_server_IP
ansible_python_interpreter=/usr/bin/python3
ansible_user=#Checkpoint Username
ansible_password=#Checkpoint Password

 

-------------------------------------------------------------------------------------------------------------------------------------

cp_mgmt_host.yml

---
- hosts: checkpoint
  connection: httpapi
  tasks:
    - name: Create host object
      cp_mgmt_host:
        color: dark green
        ipv4_address: 192.0.2.2
        name: New CP_MGMT Host 1
        state: present
        auto_publish_session: true

 

---------------------------------------------------------------------------------------------------------------------------------

Error Message

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

$ ansible-playbook cp_mgmt_host.yml

 

PLAY [checkpoint] ***********************************************************************************************************************

 

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [10.31.30.121]

 

TASK [Create host object] ***********************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'
fatal: [10.31.3.130]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/user/.ansible/tmp/ansible-local-26357sRCDQE/ansible-tmp-1611243679.24-26455-18666920100150/AnsiballZ_cp_mgmt_host.py\", line 102, in <module>\n _ansiballz_main()\n File \"/home/user/.ansible/tmp/ansible-local-26357sRCDQE/ansible-tmp-1611243679.24-26455-18666920100150/AnsiballZ_cp_mgmt_host.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/user/.ansible/tmp/ansible-local-26357sRCDQE/ansible-tmp-1611243679.24-26455-18666920100150/AnsiballZ_cp_mgmt_host.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 333, in <module>\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/modules/network/check_point/cp_mgmt_host.py\", line 328, in main\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 201, in api_call\n File \"/tmp/ansible_cp_mgmt_host_payload_8n9zbibm/ansible_cp_mgmt_host_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: 'Connection' object has no attribute '_session_uid'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

 

PLAY RECAP ***********************************************************************************************************************
10.31.3.130 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

0 Kudos
7 Replies
funkylicious
Advisor

ukohae
Contributor

Hi,

 

My version of SmartConsole is R80.40. When I try to install collection management, it doesn't install. If the Ansible collection mgmt is installed, could it fix the bug?

0 Kudos
Art_Zalenekas
Employee

Two things:

  • Install CHKP Management Collection (and overwrite if present)
    • $ ansible-galaxy collection install check_point.mgmt --force
  • Your ansible_network_os in the inventory is using the built-in checkpoint modules of Ansible. You need to force it to use the modules from the collection that you installed
    • ansible_network_os=check_point.mgmt.checkpoint

Then in the playbook, the Ansible module is referred to as check_point.mgmt.MODULE
See: https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/ and look for modules starting with cp_mgmt

Let us know if you have any other questions.
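
An added example, not part of the thread or of Check Point's collection: a small Python linter for an INI inventory that flags the built-in ansible_network_os value discussed in the reply above, disabled certificate validation, and near-miss spellings of connection variables. The KNOWN_VARS list, function names and sample inventory are constructed for illustration.

```python
import difflib

# Connection variables that appear in the thread's inventory.
KNOWN_VARS = ["ansible_user", "ansible_password", "ansible_network_os",
              "ansible_httpapi_use_ssl", "ansible_httpapi_validate_certs",
              "ansible_python_interpreter", "ansible_connection"]
COLLECTION_OS = "check_point.mgmt.checkpoint"  # value given in the reply above

def parse_group_vars(text):
    """Return {group: {key: value}} for every [group:vars] section."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = groups.setdefault(line[1:-6], {}) if line.endswith(":vars]") else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return groups

def lint(text):
    """Return sorted (group, key, finding) tuples for the checks above."""
    findings = []
    for group, gvars in parse_group_vars(text).items():
        for key, value in gvars.items():
            if key not in KNOWN_VARS:
                close = difflib.get_close_matches(key, KNOWN_VARS, n=1, cutoff=0.85)
                if close:
                    findings.append((group, key, "possible typo of " + close[0]))
            elif key == "ansible_network_os" and value != COLLECTION_OS:
                findings.append((group, key, "expected " + COLLECTION_OS))
            elif key == "ansible_httpapi_validate_certs" and value.lower() in ("false", "no", "0"):
                findings.append((group, key, "TLS certificate verification is disabled"))
    return sorted(findings)

# Constructed sample inventory (placeholder address and values).
SAMPLE = """\
[checkpoint]
192.0.2.10
[checkpoint:vars]
ansible_httpapi_validate_certs=False
ansible_network_os=checkpoint
policy_name=Standard
ansbile_user=admin
"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Custom variables such as policy_name are left alone because they are not close to any known connection variable.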

ukohae
Contributor

When I try to install the Ansible collection on my office machine, I keep getting an error message:

Error! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>

Art_Zalenekas
Employee

So that is something else completely. It seems like you have HTTPS Interception (SSL Decryption) going outbound or just don't have the CA certificates installed. So install your TLS/SSL interceptor's CA on that machine, or you can execute ansible-galaxy with --ignore-certs

$ ansible-galaxy collection install check_point.mgmt --force --ignore-certs

Make sure ca-certificates is installed, according to your Linux distro (this is for Debian-based systems), which will install common CA certificates.

ukohae
Contributor

So I ran the command. 

$ ansible-galaxy collection install check_point.mgmt --force --ignore-certs

 

I have the ca-certificate, but I get an error message.

ERROR! Mismatch artifact hash with the downloaded file

 

Art_Zalenekas
Employee

Sorry, but without looking at your environment it's hard to say what it could be. This is not Ansible related anymore.