Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
BJ_Brooks
Participant

Error Publishing Changes with Ansible

All,

I'm having trouble tracking down my issue publishing the changes I've made in a playbook. Playbook is below as well as inventory. I've attempted to auto_publish_session when creating the host object, I've attempted removing the vars: from the publish task and various combinations but nothing has worked. My session appears in the MDS as Disconnected after the playbook has run and shows I have 2 changes and locks. I have to manually publish from MDS (right click, publish) for the changes to be applied. 

If I run the host creation task and policy install task independently, they work fine. It's only when the publish comes into play. Running in verbose mode provides no additional useful information. 

Thoughts?

Error:

FAILED! => {"changed": false, "msg": "Task Publish operation with task id 01234567-7843-cdef-a872-9b93c41e3005 failed. Look at the logs for more details"}

It should be noted, I'm running MDS and 80.40 (JHF 94). 

---
- hosts: cma
connection: httpapi
tasks:


- name: Create Host Object
cp_mgmt_host:
name: some-object-name
ipv4_address: 10.10.10.10
state: present
color: firebrick
comments: ChangeRequest#
ignore_warnings: yes
groups:
- Some-Group-Name

vars:
ansible_checkpoint_domain: MDS-Domain

- name: Publish Changes
cp_mgmt_publish:

vars:
ansible_checkpoint_domain: MDS-Domain

- name: Install Policy on MDS-Domain
cp_mgmt_install_policy:
policy_package: FW_Policy
install_on_all_cluster_members_or_fail: yes
targets:
- target1-fw
- target2-fw

vars:
ansible_checkpoint_domain: MDS-Domain

 

 

Inventory:

[cma]
10.10.10.10

[cma:vars]
ansible_httpapi_validate_certs=False
ansible_httpapi_use_ssl=True
ansible_network_os=check_point.mgmt.checkpoint
#ansible_network_os=checkpoint
ansible_user=myuser-name

 

9 Replies
PhoneBoy
Admin
Admin

What does $FWDIR/log/api.elg say when you try to publish?

BJ_Brooks
Participant

There is no api.elg to be found... in all of /opt. 

BJ_Brooks
Participant

I'll add that the audit log from the CMA only shows a login/logout. 

Art_Zalenekas
Employee
Employee

Please use the ENV variable $FWDIR to get to that directory. At the end of the day, it will be in /var/log/opt/CPsuite-R80.40/fw1/log/api.elg
If you use the $FWDIR/log/api.elg it will point to the same location.

Vincent_Bacher
Advisor

He also can modify api log level using "api log debug" and after replication of issue "api log warn" or whatever. 

and now to something completely different
BJ_Brooks
Participant

Thanks... was able to locate. Issue is session description. 

"fault-message" : "Publish cannot be performed without entering a session name and description."

0 Kudos
BJ_Brooks
Participant

Still haven't cracked this one... api.elg is displaying the below.

"fault-message" : "Publish cannot be performed without entering a session name and description."

 

I have include a task to set the session... have attempted auto publish on the object creation task to no avail. 

- name: set-session
cp_mgmt_set_session:
description: "CR123456789"

 

Any thoughts? The MDS is set to have a session name generated on publish. If we do it through the CMA, we can set the session name to whatever we want, but through ansible, not so much. 

0 Kudos
PhoneBoy
Admin
Admin

There's a setting on the management side to not require a description.
It's possible this may be required to use the auto-publish feature.
Paging @Or_Soffer 

Screen Shot 2021-03-31 at 5.42.47 PM.png

0 Kudos
Jonas_Rosenboom
Employee
Employee

If your management requires All sessions must have a description you need to explicitly set both description and new_name for the session through Ansible.

20210409_085031-WindowsTerminal-314.png

If you want to use auto_publish just make sure that `set_session` is performed prior to the task with auto_publish.

The requirement for both name and description is not limited to Ansible, but affects all API usage (including `mgmt_cli`) when All sessions must have a description is enabled. 

0 Kudos