Giters

CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.

Home Page:https://galaxy.ansible.com/check_point/mgmt

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

cp_mgmt_run_script module

simonmacpherson opened this issue · comments

commented

I'm running bash scripts using the cp_mgmt_run_script Ansible module for checkpoint against remote gateways.

The scripts run successfully on the gateways.

Within Smart Console, the task populates in the recent task list but not not complete. It does not progress and must be manually cleared.

If I run the script vi a POST api call using the run-script module using either mgmt_cli or web services, the task progresses to completion as expected.

Checkpoint GAIA Versions:

Mgmt version: R80.30 GA 210
Gateway version: R80.30 GA 196

The following error is returned in the cli when the playbook is run

TASK [run-script] ****************************************************************************************************************

fatal: [10.1.2.51]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": {" code": "generic_err_invalid_parameter", "message": "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is und efined.\nInvalid parameter for [task-id]. Invalid value"}}

An mentioned, the task actually runs successfully against the target gateway.

Here is the related information from $FWDIR/log/api.elg

ID: 14684

Response-Code: 400

Content-Type: application/json

Headers: {Content-Type=[application/json], Date=[Thu, 23 Jul 2020 23:57:15 GMT]}

Payload: {

"code" : "generic_err_invalid_parameter",

"message" : "Invalid parameter for [task-id]. Invalid value"

}

2020-07-23 23:57:17,419 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp1325351680-37] - Inbound Message

ID: 14685

Address: http://127.0.0.1:50276/web_api/show-task

Encoding: ISO-8859-1

Http-Method: POST

Content-Type: application/json

Headers: {accept-encoding=[identity], connection=[keep-alive], Content-Length=[114], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[Python-urllib/2.7], X-Chkp-Sid=[8b04d47571c316b5c41d763d30263ffe], X-Forwarded-For=[10.1.7.110], X-Forwarded-Host=[10.1.2.51:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[10.1.2.51]}

Payload: {"task-id": {"task-id": "01466935-7a42-4478-89bd-d38019364e0b", "target": "26db824a-f9a9-436b-a826-9899f41c8c4e"}}

2020-07-23 23:57:17,425 WARN com.checkpoint.management.web_api_is.utils.helpers.RequestHeadersHelper.getMediaType_aroundBody6:9 [qtp1325351680-37] - No Accept header received. Falling back to default media type [application/json].

2020-07-23 23:57:17,426 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.:21 [qtp1325351680-37] - Cache created and initialized

2020-07-23 23:57:17,427 ERROR com.checkpoint.management.web_api_is.utils.jackson.deserializers.BaseMultiValueDeserializer.deserializeSingleObject_aroundBody2:16 [qtp1325351680-37] - Failed to deserialize parameter: [task-id], value is not from type: [java.lang.String]

2020-07-23 23:57:17,427 ERROR com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException.log:42 [qtp1325351680-37] - Error code: [GENERIC_ERR_INVALID_PARAMETER]

2020-07-23 23:57:17,428 ERROR com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException.log:43 [qtp1325351680-37] - Error message: [Invalid parameter for [task-id]. Invalid value]

commented

Hello,
i had the same issue without using the collection. Following steps worked in my environment:

  1. installed the collection on the system in an user defined path
  2. ansible.cfg: adding user defined path to collection Paths in config file
    [defaults]
    collections_paths= ~/.ansible/collections:/usr/share/ansible/collections:%USERDEFINEDPATH%
  3. inventory: adding network os
    ansible_network_os=check_point.mgmt.checkpoint
  4. playbook: put the collection namespace in front of the module name:
    check_point.mgmt.cp_mgmt_run_script

MGMT: R80.40 Build: 294
GW: R80.40 Build 164
ansible 2.9.10
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/data/ansible/my_modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Hope this helps to solve your problem.
Greetings
Benni

commented

Hi Benni,

Thanks for your comment.

Installing the collection also worked for me.

I note in the README.md on the github repo (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection) that using the collection is recommended by Checkpoint over using the module built in to Ansible 2.9+. I didn't notice that the first time I read it.

Regards,
Simon