search

CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
https://galaxy.ansible.com/check_point/mgmt
Apache License 2.0
39 stars 30 forks source link

Modules missing on the tar file #123

Closed AnaPatriciaGraca closed 7 months ago

AnaPatriciaGraca commented 7 months ago

I have this ansible server where I have installed the tarball file and the export module I need is missing. I've downloaded the most recent version and installed it again. The module I noticed is missing is the cp_mgmt_export_management. Is it possible to replace the tarball file with the most recent with all the modules that are in the documentation?

https://galaxy.ansible.com/ui/repo/published/check_point/mgmt/content/module/cp_mgmt_export_management/

chkp-edenbr commented 7 months ago

Hi @AnaPatriciaGraca , I don't think i understand, the latest version v5.2.2 contains the cp_mgmt_export_management resource module, it's available both here and in Ansible Galaxy & RedHat AutomationHub. Regards, Eden

AnaPatriciaGraca commented 7 months ago

That is in fact the version I downloaded. This is the output fo the readme file:

Check Point Ansible Mgmt Collection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.

The Ansible Check Point modules reference can be found here: https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html#plugins-in-check-point-mgmt
Note - look only at the cp_mgmt_* modules, cause the checkpoint_* will be deprecated.

This is the repository of the mgmt collection which can be found here - https://galaxy.ansible.com/check_point/mgmt

Installation instructions

Run ansible-galaxy collection install check_point.mgmt

Requirements

Usage

  1. Edit the hosts so that it will contain a section similar to this one: 
    [check_point]
%CHECK_POINT_MANAGEMENT_SERVER_IP%
[check_point:vars]
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False
ansible_user=%CHECK_POINT_MANAGEMENT_SERVER_USER%
ansible_password=%CHECK_POINT_MANAGEMENT_SERVER_PASSWORD%
ansible_network_os=check_point.mgmt.checkpoint

    Note - If you want to run against Ansible version 2.9 instead of the collection, just replace ansible_network_os=check_point.mgmt.checkpoint with ansible_network_os=checkpoint

    2. Run a playbook:

    ansible-playbook your_ansible_playbook.yml

    or

Run a playbook in "check mode":

ansible-playbook -C your_ansible_playbook.yml

Example playbook:

---
- name: playbook name
  hosts: check_point
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_mgmt_network:
        name: "network name"
        subnet: "4.1.76.0"
        mask_length: 24
        auto_publish_session: true

      vars:
        ansible_checkpoint_domain: "SMC User"

Note - If you want to run against Ansible version 2.9 instead of the collection, just replace check_point.mgmt.cp_mgmt_network with cp_mgmt_network

Notes:

  1. Because this Ansible module is controlling the management server remotely via the web API, the Ansible server needs to have access to the Check Point API server. Open SmartConsole, navigate to "Manage & Settings > Blades > Management API > Advanced settings" and check the API server's accessibility set
  2. Ansible has a feature called "Check Mode" that enables you to test the changes without actually changing anything.
  3. The login and logout happens automatically.
  4. If you want to login to a specific domain, in the playbook above in the varssecion change the domain name to ansible_checkpoint_domain
  5. There are two ways to publish changes: a. Set the auto_publish_session to true as displayed in the example playbook above. This option will publish only the task which this parameter belongs to. b. Add the task to publish to the cp_mgmt_publish module. This option will publish all the tasks above this task.
  6. It is recommended by Check Point to use this collection over the modules of Ansible version 2.9
  7. If you still want to use Ansible version 2.9 instead of this collection (not recommended): a. In the hosts file replace ansible_network_os=check_point.mgmt.checkpoint with ansible_network_os=checkpoint b. In the task in the playbook replace the module check_point.mgmt.cp_mgmt_* with the module cp_mgmt_*
  8. Starting from version 1.0.6, when running a command which returns a task-id, and the user chooses to wait for that task to finish (the default is to wait), then the output of the command will be the output of the show-task command (instead of the task-id).

Modules

The module cp_mgmt_export_management isn't there

chkp-edenbr commented 6 months ago

The README isn't updated, we'll be sure to do in the next release