Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
thki
Explorer

Server returned response without token info during connection authentication

Hi all


My first post in checkmates forum so be gentle 😉


Trying to connect to Gaia rest api with ansible


Inventory :

[test:vars]
checkpoint ansible_host=XXXXXXX
ansible_user='XXXXXXXXX'
ansible_password='XXXXXXXXXXX'
ansible_network_os=checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
XXXXXXX


Playbook:

---
- hosts: test
connection: httpapi
gather_facts: false
tasks:
- name: collect-host facts
cp_mgmt_host_facts:
details_level: standard
limit: 50
offset: 0


I get this response :


PLAY [test] *******************************************************************************************************************************************************************************************************************************************************************

TASK [collect-host facts] *****************************************************************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [XXXXXXX]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 102, in <module>\n _ansiballz_main()\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host_facts', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib64/python2.7/runpy.py\", line 176, in run_module\n fname, loader, pkg_name)\n File \"/usr/lib64/python2.7/runpy.py\", line 82, in _run_module_code\n mod_name, mod_fname, mod_loader, pkg_name)\n File \"/usr/lib64/python2.7/runpy.py\", line 72, in _run_code\n exec code in run_globals\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py\", line 131, in <module>\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py\", line 126, in main\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 179, in api_call_facts\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 56, in send_request\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
XXXXXXX : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

 

# ansible --version
ansible 2.9.12
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/user/thki/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

 

Ive verified that I can connect to api via curl and get token back? Our checkpoint administrator can see login and logoff on management server?

 

Kind Regards

Thomas

6 Replies
PhoneBoy
Admin
Admin

What precise version of Check Point Management (with JHF level) are you connecting with?
Believe for Ansible, it should be R80.20+ with a recent JHF installed.

0 Kudos
thki
Explorer

we are running R80.30+ jumbo 155

0 Kudos
mervin16
Participant

Did someone find a fix for this ? I am facing the same issue on R80.40:

This is Check Point Security Management Server R80.40 - Build 150
This is Check Point's software version R80.40 - Build 685

Can someone please help ?

0 Kudos
Sigbjorn
Advisor

Did you enable the API and allow access for the ip/subnet you are connecting from?

What does the output from a simple curl test say?

curl https://<mgmtip>/web_api/login -H 'Content-Type: application/json' -d '{"user":"xxx", "password":"xxx" }' -kv

0 Kudos
Jim_Oqvist
Employee
Employee

Hi,

Not sure if you are trying to use the gaia collection that leverages the gaia API or the mgmt collection that leverages the Management API.
The playbook in in the start of this thread is using a module from the mgmt collection that leverages the Management API.

Anyway
I recommend to take a look at the Read Me under: https://galaxy.ansible.com/check_point/mgmt
I recommend to download the latest collection from galaxy.
Here is a updated working example using the mgmt collection from galaxy:

/etc/ansible/hosts

[test:vars]
ansible_user=api_user # Admin username on management server
ansible_password=vpn123 # Admin password on management server
ansible_network_os=check_point.mgmt.checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
192.168.233.71 # IP of the Check Point management server

 

The playbook using the collection from galaxy

---
- hosts: test
  connection: httpapi
  gather_facts: false
  tasks:
    - name: collect-host facts
      check_point.mgmt.cp_mgmt_host_facts:
        details_level: standard
        limit: 50
        offset: 0

 

Kind Regards
Jim

0 Kudos
Jim_Oqvist
Employee
Employee

In addition, take a look at my response here to ensure you are not encountering the problem I am mentioning in that response

https://community.checkpoint.com/t5/Ansible/Ansible-Connection-Error/m-p/101387/highlight/true#M400

0 Kudos