CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.

Home Page: https://galaxy.ansible.com/check_point/mgmt


Server returned response without token info during connection authentication

CapAnsible opened this issue · comments

Hi all

Trying to connect to Gaia rest api with ansible

Inventory :

[test:vars]
checkpoint ansible_host=XXXXXXX
ansible_user='XXXXXXXXX'
ansible_password='XXXXXXXXXXX'
ansible_network_os=checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
XXXXXXX

Playbook:


- hosts: test
  connection: httpapi
  gather_facts: false
  tasks:
    - name: collect-host facts
      cp_mgmt_host_facts:
        details_level: standard
        limit: 50
        offset: 0

I get this response :

PLAY [test] *******************************************************************************************************************************************************************************************************************************************************************

TASK [collect-host facts] *****************************************************************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [XXXXXXX]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n File "/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py", line 102, in \n _ansiballz_main()\n File "/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host_facts', init_globals=None, run_name='main', alter_sys=True)\n File "/usr/lib64/python2.7/runpy.py", line 176, in run_module\n fname, loader, pkg_name)\n File "/usr/lib64/python2.7/runpy.py", line 82, in _run_module_code\n mod_name, mod_fname, mod_loader, pkg_name)\n File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code\n exec code in run_globals\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py", line 131, in \n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py", line 126, in main\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py", line 179, in api_call_facts\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py", line 56, in send_request\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py", line 185, in 
rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
XXXXXXX : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

ansible --version

ansible 2.9.12
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/user/thki/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

I've verified that I can connect to api via curl and get token back? Our checkpoint administrator can see login and logoff on management server?

We found the error :
when we query the commvault api login we don't get uid in response, we only get token (sid).
When we comment out line 63 in checkpoint.py (httpapi in collections)

    try:
        self.connection._auth = {'X-chkp-sid': response_data['sid']}
#        self.connection._session_uid = response_data['uid']
    except KeyError:
        raise ConnectionError(
            'Server returned response without token info during connection authentication: %s' % response) 

The error disappears. Do we need uid in all modules? If yes why does checkpoint api not return it?
We are running R80.30+ jumbo 155 checkpoint version.

Hi @CapAnsible ,

I have a few questions:

  1. did you somehow try to log in in read-only mode?
  2. can you please share the playbook you run?
  3. can you try to install the collection instead of the core modules?
    (you will need to change "ansible_network_os=checkpoint" to "ansible_network_os=check_point.mgmt.checkpoint")
  4. can you share the output of running your playbook when you write -vvvv at the end of the command?

Thanks,
Or

Hi @chkp-orso ,

I identified how to trigger / reproduce the above issue: it is triggered when using an underscore "_" in the hostname and mapping that hostname to an IP address in /etc/hosts.

Steps to reproduce.
In this scenario hostname:

  • chkp-mgmt will succeed
  • chkp_sms will fail.

Add the following to /etc/ansible/hosts:

[test:vars]
ansible_user=admin
ansible_password=vpn123
ansible_network_os=check_point.mgmt.checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
# using hostname in the playbook, where IP to hostname is mapped in /etc/hosts
chkp-mgmt # This will work
chkp_sms # This will fail, the issue is triggered when using underscore in the hostname

Add the following line to /etc/hosts:
192.168.233.71 chkp-mgmt chkp_sms

Test with this playbook:

- hosts: test
  connection: httpapi
  gather_facts: false
  tasks:
    - name: collect-host facts
      check_point.mgmt.cp_mgmt_host_facts:
        details_level: standard
        limit: 50
        offset: 0

The result of the play-book will be:


PLAY [test] ****************************************************************
TASK [collect-host facts] ***************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 400
fatal: [chkp_sms]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_host_facts', init_globals=None, run_name='__main__', alter_sys=False)\n  File \"/usr/lib/python2.7/runpy.py\", line 192, in run_module\n    fname, loader, pkg_name)\n  File \"/usr/lib/python2.7/runpy.py\", line 72, in _run_code\n    exec code in run_globals\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py\", line 131, in <module>\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py\", line 126, in main\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 233, in api_call_facts\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", 
line 186, in handle_call\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 65, in send_request\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 400\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee 
stdout/stderr for the exact error", "rc": 1}
ok: [chkp-mgmt]

PLAY RECAP *****************************************************
chkp-mgmt                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
chkp_sms                   : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

This is the error I see in API.elg when using hostname with underscore (chkp_sms) in the name:
Note the empty "X-Forwarded-Host=[]" value

2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
---------------------------- 
ID: 314
Address: http://127.0.0.1:55456/web_api/login
Encoding: UTF-8
Http-Method: POST
Content-Type: application/json
Headers: {accept-encoding=[identity], Authorization=[Basic YWRtaW46dnBuMTIz], connection=[keep-alive], Content-Length=[39], content-type=[application/json], Host=[127.0.0.1:55456], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.233.71]}
--------------------------------------
2020-11-09 11:17:06,062  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19951] - Outbound Message
---------------------------
ID: 314
Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 09 Nov 2020 10:17:06 GMT]}
Payload: {
  "code" : "generic_err_missing_required_header",
  "message" : "Invalid header: [X-Forwarded-Host]"
}

While using a dash sign in the hostname (chkp-mgmt) provides a successful login with correct X-Forwarded-Host header:
Note the correct "X-Forwarded-Host=[chkp-mgmt:443]" value

2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
----------------------------
ID: 313
Address: http://127.0.0.1:55456/web_api/login
Encoding: UTF-8
Http-Method: POST
Content-Type: application/json
Headers: {accept-encoding=[identity], Authorization=[Basic YWRtaW46dnBuMTIz], connection=[keep-alive], Content-Length=[39], content-type=[application/json], Host=[127.0.0.1:55456], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[chkp-mgmt:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.233.71]}
2020-11-09 11:17:06,248  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19954] - Outbound Message
---------------------------
ID: 313
Response-Code: 200
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 09 Nov 2020 10:17:06 GMT]}
Payload: {
  "uid" : "1ee6cf05-4ace-48a3-a727-923bb0c38c3a",
  "sid" : "b8a0f09080510fced85e0ab5390225f9",
  "url" : "https://chkp-mgmt:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1604916630539,
    "iso-8601" : "2020-11-09T11:10+0100"
  },
  "api-server-version" : "1.7"
}
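A way to pull rejected logins out of API.elg and see which forwarded headers the request carried, as an added example that is not part of the original post or of the collection. The sample log is constructed from the excerpts above with the Authorization value replaced by a placeholder; `parse_messages` and `failed_logins` are hypothetical names.

```python
import json
import re

# Constructed sample modelled on the API.elg excerpts above; the Authorization
# value is a placeholder and the uid/sid values are made up.
SAMPLE_LOG = """\
2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp-1] - Inbound Message
----------------------------
ID: 313
Address: http://127.0.0.1:55456/web_api/login
Http-Method: POST
Headers: {Authorization=[Basic REDACTED], Host=[127.0.0.1:55456], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[chkp-mgmt:443]}
--------------------------------------
2020-11-09 11:17:06,248  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp-1] - Outbound Message
---------------------------
ID: 313
Response-Code: 200
Payload: {
  "uid" : "00000000-0000-0000-0000-000000000000",
  "sid" : "constructed-sid"
}
2020-11-09 11:17:06,300  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp-2] - Inbound Message
----------------------------
ID: 314
Address: http://127.0.0.1:55456/web_api/login
Http-Method: POST
Headers: {Authorization=[Basic REDACTED], Host=[127.0.0.1:55456], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[]}
--------------------------------------
2020-11-09 11:17:06,400  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp-2] - Outbound Message
---------------------------
ID: 314
Response-Code: 400
Payload: {
  "code" : "generic_err_missing_required_header",
  "message" : "Invalid header: [X-Forwarded-Host]"
}
"""

HEADER_RE = re.compile(r"([\w-]+)=\[([^\]]*)\]")  # name=[value] pairs
FIELD_RE = re.compile(r"^([A-Za-z-]+): (.*)$")    # "Key: value" lines


def parse_messages(text):
    """Split the log into one dict per Inbound/Outbound message block."""
    messages, current, payload = [], None, None
    for line in text.splitlines():
        if line.rstrip().endswith(("Inbound Message", "Outbound Message")):
            current = {"direction": "in" if "Inbound" in line else "out"}
            messages.append(current)
            payload = None
            continue
        if current is None:
            continue
        if payload is not None:  # inside a multi-line JSON payload
            payload.append(line)
            if line.startswith("}"):
                current["payload"] = json.loads("\n".join(payload))
                payload = None
            continue
        match = FIELD_RE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "Headers":
            current["headers"] = dict(HEADER_RE.findall(value))
        elif key == "Payload":
            try:
                current["payload"] = json.loads(value)  # one-line payload
            except ValueError:
                payload = [value]                       # continues below
        else:
            current[key] = value
    return messages


def failed_logins(text):
    """Pair each non-200 reply with its login request, matched on ID."""
    messages = parse_messages(text)
    requests = {m["ID"]: m for m in messages
                if m["direction"] == "in" and "ID" in m}
    findings = []
    for reply in messages:
        status = reply.get("Response-Code")
        if reply["direction"] != "out" or status in (None, "200"):
            continue
        request = requests.get(reply.get("ID"))
        if not request or not request.get("Address", "").endswith("/web_api/login"):
            continue
        headers = request.get("headers", {})
        body = reply.get("payload", {})
        findings.append({
            "id": reply["ID"],
            "status": int(status),
            "client": headers.get("X-Forwarded-For"),
            "forwarded_host": headers.get("X-Forwarded-Host"),
            "code": body.get("code"),
            "message": body.get("message"),
        })
    return findings
```

An empty `forwarded_host` next to `generic_err_missing_required_header` is the pattern reported above for the `chkp_sms` name.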

Hi @justjais ,

Are you familiar with this issue?

@chkp-orso excuse me for the delayed response here, and WRT to issue No I haven't faced the issue

Hi @chkp-orso , I also have the same as CapAnsible. The module throws the "Server returned response without token info during connection authentication: 200" error unless line 63 in checkpoint.py is commented out. I believe it's because I'm connecting to a readonly/standby controller which isn't returning a uid field on login. Connecting to the active controller DOES return this value and the module works fine with that, but I specifically want to use the standby controller for the queries I want to perform. Is there any chance of an update which will allow connecting to standby controllers?

@BarrieAlmond can u share the complete verbose debug log of your play run, also can u confirm if your hostname has -.

Hi @justjais , I'm connecting by IP so there's no - in the hostname. I've included the debug log though I've cut out some of the tasks from before it gets to the failure since they run locally and aren't relevant, and I've obscured some details for security. I've also included the output from login calls using cURL.

ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
script declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
Parsed /home/username/checkpoint/inventory.yml inventory source with yaml plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py

PLAYBOOK: playbookname.yml **************************************************************************************
Positional arguments: playbookname.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/username/checkpoint/inventory.yml',)
forks: 5
1 plays in playbookname.yml

TASK [playbookname : taskname] ************************************************
task path: /home/username/checkpoint/roles/rolename/tasks/includes/include.yml:8
<172.17.12.126> attempting to start connection
<172.17.12.126> using connection plugin httpapi
<172.17.12.126> found existing local domain socket, using it!
<172.17.12.126> updating play_context for connection
<172.17.12.126>
<172.17.12.126> local domain socket path is /home/username/.ansible/pc/51fee0a563
<172.17.12.126> ESTABLISH LOCAL CONNECTION FOR USER: username
<172.17.12.126> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006" && echo ansible-tmp-1612191609.1128356-64660072670006="echo /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/network/check_point/checkpoint_object_facts.py
<172.17.12.126> PUT /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/tmpw4ri05y8 TO /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py
<172.17.12.126> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/ /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c '/usr/bin/python3 /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 102, in
_ansiballz_main()
File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)
File "/usr/lib/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc
ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [checkpoint]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 102, in \n _ansiballz_main()\n File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)\n File "/usr/lib/python3.8/runpy.py", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File "/usr/lib/python3.8/runpy.py", line 87, in _run_code\n exec(code, run_globals)\n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in \n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main\n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object\n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}

Output from logging in to the standby server using cURL:
{
  "sid" : "(value)",
  "url" : "https://standbyserver:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1612191618219,
    "iso-8601" : "2021-02-01T15:00+0000"
  },
  "read-only" : true,
  "standby" : true,
  "api-server-version" : "1.6"
}

Output from logging in to the active server using cURL:
{
  "uid" : "(value)",
  "sid" : "(value)",
  "url" : "https://activeserver:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1611565769368,
    "iso-8601" : "2021-01-25T09:09+0000"
  },
  "api-server-version" : "1.6"
}

As you can see, the active server returns a uid value, while the standby - the one I want to use - does not. I believe this is why commenting out the line mentioned earlier solves the problem with connecting to the standby.
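The three login outcomes seen in this thread (active reply with uid, standby reply without uid, 400 rejection) handled separately, as an added example that is not the collection's code and not a proposed patch from any participant. It assumes later calls need only the `X-chkp-sid` header, which is the question the thread leaves open; `parse_login_reply` and `LoginError` are hypothetical names and the sample replies are constructed.

```python
import json

# Constructed replies modelled on the three login outcomes shown in this thread.
ACTIVE = ('{"uid": "constructed-uid", "sid": "constructed-sid", '
          '"api-server-version": "1.6"}')
STANDBY = ('{"sid": "constructed-sid", "read-only": true, "standby": true, '
           '"api-server-version": "1.6"}')
REJECTED = ('{"code": "generic_err_missing_required_header", '
            '"message": "Invalid header: [X-Forwarded-Host]"}')


class LoginError(Exception):
    """The login reply did not yield a usable session token."""


def parse_login_reply(status, body):
    """Classify a /web_api/login reply.

    Returns the auth header for later calls, the session uid (None when the
    server sent none) and the read-only/standby flags. Raises LoginError
    carrying the server's own error code and message otherwise.
    """
    try:
        data = json.loads(body)
    except ValueError:
        raise LoginError("HTTP %s: login reply is not JSON" % status)
    if not isinstance(data, dict):
        raise LoginError("HTTP %s: login reply is not a JSON object" % status)

    # A non-200 reply is a rejected login; surface the API's error text
    # instead of reporting it as a missing token.
    if status != 200:
        raise LoginError("HTTP %s: %s: %s" % (
            status, data.get("code", "unknown"), data.get("message", "")))

    # The sid is the only value needed to authenticate later requests.
    sid = data.get("sid")
    if not sid:
        raise LoginError("HTTP 200 but no sid in login reply")

    return {
        "headers": {"X-chkp-sid": sid},
        # Assumption: uid is optional. The standby reply above omits it.
        "session_uid": data.get("uid"),
        "read_only": bool(data.get("read-only", False)),
        "standby": bool(data.get("standby", False)),
    }


def describe(status, body):
    """One-line summary of a login attempt, for logs or debugging output."""
    try:
        session = parse_login_reply(status, body)
    except LoginError as exc:
        return "login failed: %s" % exc
    mode = "read-only" if session["read_only"] else "read-write"
    uid = session["session_uid"] or "none"
    return "login ok (%s, standby=%s, uid=%s)" % (mode, session["standby"], uid)
```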

@BarrieAlmond Thanks for your quick response, for further triaging can u add ansible_connection=httpapi in your checkpoint inventory and share the debug verbose log again.

Hi @justjais , no change I'm afraid. Here is the log, and at the bottom I've included my inventory.

ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
script declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
Parsed /home/username/checkpoint/inventory.yml inventory source with yaml plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py

PLAYBOOK: playbookname.yml ***********************************************************************************************************************************************************************************************************
Positional arguments: playbookname.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/username/checkpoint/inventory.yml',)
forks: 5
1 plays in playbookname.yml

PLAY [Create CSV of Checkpoint objects requested for decom] *********************************************************************************************************************************************************************************
META: ran handlers

TASK [playbookname : taskname] *********************************************************************************************************************************************************************
task path: /home/username/checkpoint/roles/rolename/tasks/includes/include.yml:8
<172.17.12.126> attempting to start connection
<172.17.12.126> using connection plugin httpapi
<172.17.12.126> found existing local domain socket, using it!
<172.17.12.126> updating play_context for connection
<172.17.12.126>
<172.17.12.126> local domain socket path is /home/username/.ansible/pc/d27ffcd652
<172.17.12.126> ESTABLISH LOCAL CONNECTION FOR USER: username
<172.17.12.126> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155" && echo ansible-tmp-1612194562.4706943-67164519766155="echo /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/network/check_point/checkpoint_object_facts.py
<172.17.12.126> PUT /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/tmpo_6wj1cx TO /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py
<172.17.12.126> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/ /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c '/usr/bin/python3 /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 102, in
_ansiballz_main()
File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)
File "/usr/lib/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc
ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [checkpoint]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 102, in \n _ansiballz_main()\n File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)\n File "/usr/lib/python3.8/runpy.py", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File "/usr/lib/python3.8/runpy.py", line 87, in _run_code\n exec(code, run_globals)\n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in \n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main\n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object\n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}

all:
  hosts:
    checkpoint:
      ansible_host: ipaddress
      ansible_httpapi_use_ssl: True
      ansible_httpapi_validate_certs: False
      ansible_network_os: check_point.mgmt.checkpoint
      ansible_user: username
      ansible_password: password
      ansible_connection: httpapi

@BarrieAlmond can u share your complete play as well for me to triage from my end, Thanks.

Hi @justjais , the play I've been using is quite complex but any basic play will fail if that one line in checkpoint.py isn't commented out. This one for example will work if the line is commented out, but give the above error with the default collection files...apologies if the yaml formatting gets mangled:


- name: Create CSV of Checkpoint objects requested for decom
  hosts: checkpoint
  gather_facts: no
  connection: httpapi

  tasks:

    - name: show-hosts
      cp_mgmt_host_facts:
        details_level: standard
        limit: 5
        offset: 0

@BarrieAlmond were you able to get past the particular issue ?

@justjais Only with the tweak detailed above by CapAnsible of commenting out line 63 in checkpoint.py (httpapi in collections). It would be nice if this could be officially incorporated into the code if there is no other/better solution.

Hey @justjais just stumbled over this issue while trying the exact simple playbook @BarrieAlmond mentioned above. I just wanted some facts from host objects.

I ran into the same error when connecting with a user who has only read permissions. This also works with the workaround by commenting out line 65 in ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py.

When connecting as a user who has read/write permissions, the playbook is executed successfully without commenting out the line in connection.py.

Maybe this helps getting this issue sorted out.