Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ankur_Datta
Collaborator

Integrating Ansible with checkpoint R80.10 Take 479 throws error.

Hi All,

 

We have Management server running on R80.10 take 479. I am integrating it with Ansible. I followed the Ansible deployment guide. But when i run ansible-playbook ansible-cp-test.yml, i get errors:

 

TASK [login] ***********************************************************************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 127.0.0.1 closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/home/ankur/.ansible/tmp/ansible-tmp-1561117201.56-117286171471423/AnsiballZ_check_point_mgmt.py\", line 114, in \r\n _ansiballz_main()\r\n File \"/home/ankur/.ansible/tmp/ansible-tmp-1561117201.56-117286171471423/AnsiballZ_check_point_mgmt.py\", line 106, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/ankur/.ansible/tmp/ansible-tmp-1561117201.56-117286171471423/AnsiballZ_check_point_mgmt.py\", line 49, in invoke_module\r\n imp.load_module('__main__', mod, module, MOD_DESC)\r\n File \"/tmp/ansible_check_point_mgmt_payload_93Ts0A/__main__.py\", line 8, in \r\nImportError: No module named cpapi\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *************************************************************************************************************************************************************************************************
127.0.0.1 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

 

Ansible is installed on Ubuntu OS.

 

Kindly guide.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

It tells you in the error message: you're missing the cpapi module.
You need to install it: https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
0 Kudos
Ankur_Datta
Collaborator

Hi,

cp_mgmt_api_python_sdk is already downloaded and copied to python2.7 folder. 

 

image.png

 

I imported this folder as well.

 

I followed deployment guide. Deployment Guide says "Take a break". Does it means it take time to import this folder.

 

Regards,

Ankur

0 Kudos
PhoneBoy
Admin
Admin

Just because you've decompressed the file into the appropriate doesn't mean you've installed the module.
The link I provided previously explains how to install it.
0 Kudos
Ankur_Datta
Collaborator

Ohh i got it. i installed the module and it worked but when i am running a below playbook - 

 

---
- hosts: GW
tasks:
- name: "login"
check_point_mgmt:
command: login
parameters:
username: "{{mgmt_user}}"
password: "{{mgmt_password}}"
management: "{{mgmt_server}}"
fingerprint: "{{fingerprint}}"
register: login_response
- name: "add test host"
check_point_mgmt:
command: add-host
parameters:
name: "test-123abc"
ip-address: "1.1.1.2"
color: "red"
session-data: "{{login_response}}"
- name: "discard"
check_point_mgmt:
command: discard
session-data: "{{login_response}}"
- name: "logout"
check_point_mgmt:
command: logout
session-data: "{{login_response}}"

 

i can't see host is created. 

 

i get below output:

 

ankur@ankur-virtual-machine:~/71442b35e6e8d830e19f776a7b1b6cc8$ ansible-playbook ansible-cp-test.yml

PLAY [GW] ******************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [login] ***************************************************************************************************************************************************************
[WARNING]: The value {'username': 'admin', 'management': '192.168.155.20', 'password': 'vpn123'} (type dict) in a string field was converted to u"{'username': 'admin',
'management': '192.168.155.20', 'password': 'vpn123'}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change.

ok: [127.0.0.1]

TASK [add test host] *******************************************************************************************************************************************************
[WARNING]: The value {'failed': False, 'changed': False, 'response': {'domain': None, 'url': '192.168.155.20:443', 'sid': '2jP5iL__pFExFqxlgO0nz9zdtdX0MStlhWyLrlFsiTI',
'context': 'web_api', 'fingerprint': '707C3540158E780AA86476233C1D46E56BEDE2EA', 'api_version': '1.1'}, 'warnings': ['The value {\'username\': \'admin\', \'management\':
\'192.168.155.20\', \'password\': \'vpn123\'} (type dict) in a string field was converted to u"{\'username\': \'admin\', \'management\': \'192.168.155.20\', \'password\':
\'vpn123\'}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change.']} (type dict) in a string field was converted
to u'{\'failed\': False, \'changed\': False, \'response\': {\'domain\': None, \'url\': \'192.168.155.20:443\', \'sid\': \'2jP5iL__pFExFqxlgO0nz9zdtdX0MStlhWyLrlFsiTI\',
\'context\': \'web_api\', \'fingerprint\': \'707C3540158E780AA86476233C1D46E56BEDE2EA\', \'api_version\': \'1.1\'}, \'warnings\': [\'The value {\\\'username\\\':
\\\'admin\\\', \\\'management\\\': \\\'192.168.155.20\\\', \\\'password\\\': \\\'vpn123\\\'} (type dict) in a string field was converted to u"{\\\'username\\\':
\\\'admin\\\', \\\'management\\\': \\\'192.168.155.20\\\', \\\'password\\\': \\\'vpn123\\\'}" (type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.\']}' (type string). If this does not look like what you expect, quote the entire value to ensure it does not change.

[WARNING]: The value {'color': 'red', 'name': 'test-123abc', 'ip-address': '1.1.1.2'} (type dict) in a string field was converted to u"{'color': 'red', 'name': 'test-
123abc', 'ip-address': '1.1.1.2'}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change.

changed: [127.0.0.1]

TASK [discard] *************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [logout] **************************************************************************************************************************************************************
ok: [127.0.0.1]

PLAY RECAP *****************************************************************************************************************************************************************
127.0.0.1 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

 

Further why are we using 127.0.0.1?

 

Thanks

0 Kudos
PhoneBoy
Admin
Admin

You're talking to the Ansible agent on the localhost, which is making the relevant API calls.
There is no Ansible agent on the Check Point appliances to talk to.
0 Kudos
Upcoming Events

    CheckMates Events