search

CheckPointSW / CheckPointAnsibleGAIACollection

An Ansible collection provides control over a Check Point machine using Check Point's web-services APIs.
20 stars 21 forks source link

Try to use run_script module: output is unreadable #20

Closed R1sCh0 closed 1 year ago

R1sCh0 commented 1 year ago

Hi, I open this issue because i'm unable to read the output when I execute "scripts" using the run_script module.

first heres an extract of my inventory file:

    Checkpoint:
      hosts:
        CPHOST1:
          ansible_host: 10.X.X.X
          ansible_user: admin
          #ansible_port: 22
          ansible_password: XXXXXXX
          ansible_network_os: check_point.gaia.checkpoint
          ansible_httpapi_use_ssl: true
          ansible_httpapi_validate_certs: false

Heres my playbook with a module to show CP version that works and the other to just do a "ls"

- name: Backup CHECKPOINT Firewalls
  hosts: Checkpoint
  connection: httpapi
  gather_facts: false
  collections:
    - check_point.gaia
  vars:
    backup_folder: "{{ lookup('env', 'HOME') }}/Documents/ansible/BACKUPS"
    ansible_network_os: check_point.gaia.checkpoint
  tags:
    - backup_cp

  tasks:
    - debug:
        var: hostvars[inventory_hostname]

    - name: SHOW VERSION
      cp_gaia_version_facts:

    - name: RUN-SCRIPT
      cp_gaia_run_script:
        script: "ls -la"

heres the ansible command that i run:

ansible-playbook -i inventory.yaml playbook_cp.yaml

And heres the output with verbose option:

PLAY [Backup CHECKPOINT Firewalls] *************************************************************************************************
META: ran handlers

TASK [debug] ***********************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:109
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
ok: [CPHOST1] => {
    "hostvars[inventory_hostname]": {
        "ansible_check_mode": false,
        "ansible_config_file": null,
        "ansible_diff_mode": false,
        "ansible_facts": {},
        "ansible_forks": 5,
        "ansible_host": "10.X.X.X",
        "ansible_httpapi_use_ssl": true,
        "ansible_httpapi_validate_certs": false,
        "ansible_inventory_sources": [
            "/root/Documents/ansible/inventory2.yaml"
        ],
        "ansible_network_os": "check_point.gaia.checkpoint",
        "ansible_password": "XXXXXXXXX",
        "ansible_playbook_python": "/usr/local/python/bin/python3.10",
        "ansible_run_tags": [
            "backup_cp"
        ],
        "ansible_skip_tags": [],
        "ansible_user": "admin",
        "ansible_verbosity": 3,
        "ansible_version": {
            "full": "2.13.3",
            "major": 2,
            "minor": 13,
            "revision": 3,
            "string": "2.13.3"
        },
        "group_names": [
            "Checkpoint"
        ],
        "groups": {
            XXXXXX
            "ungrouped": []
        },
        "inventory_dir": "/root/Documents/ansible",
        "inventory_file": "/root/Documents/ansible/inventory2.yaml",
        "inventory_hostname": "CPHOST1",
        "inventory_hostname_short": "CPHOST1",
        "omit": "__omit_place_holder__3badb8a7dc00dc46a19acf16b8009fb5c2694515",
        "playbook_dir": "/root/Documents/ansible"
    }
}

TASK [SHOW VERSION] ****************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:112
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<10.X.X.X> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.X.X.X> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612 `" && echo ansible-tmp-1661446015.509898-43784-184291448021612="` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612 `" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_version_facts.py
<10.X.X.X> PUT /root/.ansible/tmp/ansible-local-43768hu_qnwmb/tmphjkw7d_j TO /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py
<10.X.X.X> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/ /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c '/usr/local/python/bin/python3.10 /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/ > /dev/null 2>&1 && sleep 0'
ok: [CPHOST1] => {
    "ansible_facts": {
        "os_build": "326",
        "os_edition": "64-bit",
        "os_kernel_version": "3.10.0-693cpx86_64",
        "product_version": "Check Point Gaia R80.30"
    },
    "changed": false,
    "invocation": {
        "module_args": {}
    }
}

TASK [RUN-SCRIPT] ******************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:115
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<10.X.X.X> ESTABLISH HTTP(S) CONNECTFOR USER: admin TO https://10.X.X.X:443
<10.X.X.X> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.X.X.X> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633 `" && echo ansible-tmp-1661446019.5531673-43806-222912190976633="` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633 `" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_run_script.py
<10.X.X.X> PUT /root/.ansible/tmp/ansible-local-43768hu_qnwmb/tmpi_0fa6sy TO /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py
<10.X.X.X> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/ /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c '/usr/local/python/bin/python3.10 /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/ > /dev/null 2>&1 && sleep 0'
changed: [CPHOST1] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "args": null,
            "description": null,
            "environment_variables": [
                {
                    "name": "VAR_NAME",
                    "value": "VAR_VALUE"
                }
            ],
            "script": "ls -la",
            "wait_for_task": true
        }
    },
    "run_script": {
        "tasks": [
            {
                "execution-time": "0.02",
                "last-update-time": "2022-08-25T18:51+0200",
                "progress-description": "succeeded",
                "progress-percentage": 100,
                "start-time": "2022-08-25T18:51+0200",
                "status": "succeeded",
                "status-code": 200,
                "task-details": [
                    {
                        "error": "",
                        "output": "dG90YWwgMTg3MjQKZHJ3eHJ3eHJ3dCAgNiBhZG1pbiByb290ICAgICAgICAyMjYgQXVnIDI1IDE4OjUxIC4KZHJ3eHIteHIteCAyMCBhZG1pbiByb290ICAgICAgICAyNzMgSnVsIDI5IDE3OjU5IC4uCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgIDQ1MTI1IEF1ZyAyNSAxNTo1MCBOb25lCmRyd3hyd3gtLS0gIDMgYWRtaW4gcm9vdCAgICAgICAgIDI1IEp1bCAgNiAxNzoyNSBhcGkKZHJ3eC0tLS0tLSAgMiBhZG1pbiByb290ICAgICAgICAgIDYgSmFuIDI5ICAyMDIxIGNwcmlkCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgICA4NzU0IEF1ZyAyNSAxODo0NiBkdW1wLnJkYgotcnctci0tci0tICAxIGFkbWluIGNvbmZpZyAgICAgICAyMSBBdWcgMjUgMTg6NTEgZ2FpYUxhc3RMb2dpbgpkcnd4LS0tLS0tICAzIGFkbWluIHJvb3QgICAgICAgIDEyNiBKdW4gMTYgIDIwMjEgaXBzCi1ydy1ydy1yLS0gIDEgYWRtaW4gY29uZmlnICAgICAxMzM0IEF1ZyAgMyAxNTo1MCBteV9wb2xpY3kyLnBvbAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBGZWIgMTIgIDIwMjEgcnBtLXRtcC40NTM5MAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNTI1NCBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOQotcnctci0tci0tICAxIGFkbWluIHJvb3QgICAxOTA3ODc0OCBKdW4gMTYgIDIwMjEgc2RfdXBkYXRlcy51cGYKZHJ3eHIteHIteCAgMiBhZG1pbiByb290ICAgICAgICAgMjQgQXVnIDE2ICAyMDIxIHRtcApzcnd4ci14ci14ICAxIGFkbWluIGNvbmZpZyAgICAgICAgMCBBdWcgIDMgMTU6NTAgdWRzX3NvY2tldA==",
                        "return-value": 0
                    }
                ],
                "task-id": "cca7929b-a945-45d9-a212-2558f4b7167b",
                "task-name": "/run-script",
                "time-spent-in-queue": "0.01"
            }
        ]
    }
}
META: ran handlers
META: ran handlers

PLAY RECAP *************************************************************************************************************************
CPHOST1                    : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

The output is unreadable. Is it a bug ? Which command could work ? Should I be using a .sh script instead ? "output": "dG90YWwgMTg3MjQKZHJ3eHJ3eHJ3dCAgNiBhZG1pbiByb290ICAgICAgICAyMjYgQXVnIDI1IDE4OjUxIC4KZHJ3eHIteHIteCAyMCBhZG1pbiByb290ICAgICAgICAyNzMgSnVsIDI5IDE3OjU5IC4uCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgIDQ1MTI1IEF1ZyAyNSAxNTo1MCBOb25lCmRyd3hyd3gtLS0gIDMgYWRtaW4gcm9vdCAgICAgICAgIDI1IEp1bCAgNiAxNzoyNSBhcGkKZHJ3eC0tLS0tLSAgMiBhZG1pbiByb290ICAgICAgICAgIDYgSmFuIDI5ICAyMDIxIGNwcmlkCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgICA4NzU0IEF1ZyAyNSAxODo0NiBkdW1wLnJkYgotcnctci0tci0tICAxIGFkbWluIGNvbmZpZyAgICAgICAyMSBBdWcgMjUgMTg6NTEgZ2FpYUxhc3RMb2dpbgpkcnd4LS0tLS0tICAzIGFkbWluIHJvb3QgICAgICAgIDEyNiBKdW4gMTYgIDIwMjEgaXBzCi1ydy1ydy1yLS0gIDEgYWRtaW4gY29uZmlnICAgICAxMzM0IEF1ZyAgMyAxNTo1MCBteV9wb2xpY3kyLnBvbAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBGZWIgMTIgIDIwMjEgcnBtLXRtcC40NTM5MAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNTI1NCBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOQotcnctci0tci0tICAxIGFkbWluIHJvb3QgICAxOTA3ODc0OCBKdW4gMTYgIDIwMjEgc2RfdXBkYXRlcy51cGYKZHJ3eHIteHIteCAgMiBhZG1pbiByb290ICAgICAgICAgMjQgQXVnIDE2ICAyMDIxIHRtcApzcnd4ci14ci14ICAxIGFkbWluIGNvbmZpZyAgICAgICAgMCBBdWcgIDMgMTU6NTAgdWRzX3NvY2tldA==",

R1sCh0 commented 1 year ago

I finally found that the output is send in BASE64 on purpose (even if it's not mentionned in the docs of the API)

So for the future people using this module: it works... You just have to decode base64 with something like this:

- name: Backup CHECKPOINT Firewalls
  hosts: Checkpoint
  connection: httpapi
  gather_facts: false
  collections:
    - check_point.gaia
  vars:
    backup_folder: "{{ lookup('env', 'HOME') }}/Documents/ansible/BACKUPS"
    ansible_network_os: check_point.gaia.checkpoint
  tags:
    - backup_cp

  tasks:
    - debug:
        var: hostvars[inventory_hostname]

    - name: SHOW VERSION
      cp_gaia_version_facts:

    - name: RUN-SCRIPT
      cp_gaia_run_script:
        script: "ls -la"
      register: output_encode

    - name: CONVERT BASE64 to string
      set_fact:
        output_decode: "{{ output_encode.run_script['tasks'][0]['task-details'][0].output | b64decode }}"

R1sCh0