search

CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
https://galaxy.ansible.com/check_point/mgmt
Apache License 2.0
40 stars 30 forks source link

Playbook fails if cp_mgmt_hosts is the first task #136

Closed duanetoler closed 4 months ago

duanetoler commented 4 months ago

Management server is CloudGuard SmartCenter R81.20 JHF 65

This works:

PLAY [Test]

TASK [check_point.mgmt.cp_mgmt_host_facts]
ok: [cp-mgmt]

TASK [check_point.mgmt.cp_mgmt_hosts] 
ok: [cp-mgmt]

PLAY RECAP
cp-mgmt                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

This does not work:

PLAY [Test] 

TASK [check_point.mgmt.cp_mgmt_hosts] 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}
fatal: [cp-mgmt]: FAILED! => {"msg": "Unexpected failure during module execution: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}", "stdout": ""}

PLAY RECAP 
cp-mgmt                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

ansible-playbook -vvv

TASK [check_point.mgmt.cp_mgmt_hosts] ****************************************************************************************************************************************************************************************************************
task path: /home/ansible/playbooks/tests/tests.yml:18
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
The full traceback is:
Traceback (most recent call last):
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1836, in _httpapi_error_handle
    result = self.api_call_facts(
             ^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1746, in api_call_facts
    code, response = self.handle_call(
                     ^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1658, in handle_call
    code, response = send_request(connection, version, api_url, payload)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 247, in send_request
    code, response = connection.send_request(
                     ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ansible/module_utils/connection.py", line 200, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
ansible.module_utils.connection.ConnectionError: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/ansible/executor/task_executor.py", line 158, in run
    res = self._execute()
          ^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ansible/executor/task_executor.py", line 633, in _execute
    result = self._handler.run(task_vars=vars_copy)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py", line 250, in run
    self._result["gathered"] = self.search_for_resource_name(
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py", line 110, in search_for_resource_name
    search_result = self.search_for_existing_rules(
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py", line 86, in search_for_existing_rules
    result = conn_request.post(api_call_object, state, data=search_payload)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1880, in post
    return self._httpapi_error_handle(obj, state, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 1869, in _httpapi_error_handle
    raise _fail_json("connection error occurred: {0}".format(e))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py", line 101, in _fail_json
    raise Exception(msg)
Exception: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}
fatal: [cp-mgmt]: FAILED! => {
    "msg": "Unexpected failure during module execution: connection error occurred: Login to server failed: {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}",
    "stdout": ""
}

ansible-galaxy collection list:

check_point.mgmt          5.2.3

ansible --version:

ansible [core 2.14.11]
chkp-edenbr commented 4 months ago

Hi @duanetoler , You can try using our cp_mgmt_host.py resource module. Regards

duanetoler commented 4 months ago

Yes, that is how I do it normally. However, the host module has a warning to be deprecated in November in favor of the "hosts" action plugin. Looks like the action plugin does not cause the httpapi plugin to login to API server first. Perhaps this is the behavior of action plugins?

chkp-edenbr commented 4 months ago

We will keep supporting cp_mgmt_host.py, and will remove the warning. Thanks

duanetoler commented 4 months ago

We will keep supporting cp_mgmt_host.py, and will remove the warning. Thanks

Oh, nice! Thank you!

duanetoler commented 2 months ago

Ansible documentation URL has very large deprecation warnings for several modules, including cp_mgmt_host module. Will this warning be removed if the module will continue to be supported? https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_host_module.html#ansible-collections-check-point-mgmt-cp-mgmt-host-module

chkp-edenbr commented 2 months ago

The link you've attached is of version 5.2.3, not the recent one

duanetoler commented 2 months ago

Yes it is. However, that's the only version available on docs.ansible.com. However, I did check the documentation at galaxy.ansible.com to compare the difference between 5.2.3 and 6.2.1. I do see the deprecation notice was removed, so that answers the question.

Thanks again!