CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
https://galaxy.ansible.com/check_point/mgmt
Apache License 2.0

Server returned response without token info during connection authentication #31

Open CapAnsible opened 3 years ago

CapAnsible commented 3 years ago

Hi all

Trying to connect to the Gaia REST API with Ansible.

Inventory :

[test:vars] checkpoint ansible_host=XXXXXXX ansible_user='XXXXXXXXX' ansible_password='XXXXXXXXXXX' ansible_network_os=checkpoint ansible_httpapi_use_ssl=True ansible_httpapi_validate_certs=False

[test] XXXXXXX

Playbook:


I get this response :

PLAY [test] ***

TASK [collect-host facts] ***** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200 fatal: [XXXXXXX]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 102, in \n _ansiballz_main()\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host_facts', init_globals=None, run_name='main', alter_sys=True)\n File \"/usr/lib64/python2.7/runpy.py\", line 176, in run_module\n fname, loader, pkg_name)\n File \"/usr/lib64/python2.7/runpy.py\", line 82, in _run_module_code\n mod_name, mod_fname, mod_loader, pkg_name)\n File \"/usr/lib64/python2.7/runpy.py\", line 72, in _run_code\n exec code in run_globals\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py\", line 131, in \n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py\", line 126, in main\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 179, in api_call_facts\n File 
\"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py\", line 56, in send_request\n File \"/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP **** XXXXXXX : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

ansible --version

ansible 2.9.12 config file = /etc/ansible/ansible.cfg configured module search path = [u'/user/thki/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

I've verified that I can connect to the API via curl and get a token back? Our checkpoint administrator can see the login and logoff on the management server?

CapAnsible commented 3 years ago

We found the error: when we query the commvault api login we don't get uid in the response, we only get the token (sid). When we comment out line 63 in checkpoint.py (httpapi in collections)

    try:
        self.connection._auth = {'X-chkp-sid': response_data['sid']}
#        self.connection._session_uid = response_data['uid']
    except KeyError:
        raise ConnectionError(
            'Server returned response without token info during connection authentication: %s' % response) 

The error disappears. Do we need uid in all modules? If yes why does checkpoint api not return it? We are running R80.30+ jumbo 155 checkpoint version.

chkp-orso commented 3 years ago

Hi @CapAnsible ,

I have a few questions:

  1. did you somehow try to login in read-only mode?
  2. can you please share the playbook you run?
  3. can you try to install the collection instead of the core modules? (you will need to change "ansible_network_os=checkpoint" to "ansible_network_os=check_point.mgmt.checkpoint")
  4. can you share the output of running your playbook when you write -vvvv at the end of the command?

Thanks, Or

jimoq commented 3 years ago

Hi @chkp-orso ,

I identified how to trigger / reproduce the above issue: it is triggered when using an underscore "_" in the hostname and mapping that hostname to an IP address in /etc/hosts.

Steps to reproduce. In this scenario hostname:

Add the following to /etc/ansible/hosts:

ansible_user=admin
ansible_password=vpn123
ansible_network_os=check_point.mgmt.checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
# using hostname in the playbook, where IP to hostname is mapped in /etc/hosts
chkp-mgmt # This will work
chkp_sms # This will fail, the issue is triggered when using underscore in the hostname

Add the following line to /etc/hosts:

192.168.233.71 chkp-mgmt chkp_sms

Test with this playbook:

- hosts: test
  connection: httpapi
  gather_facts: false
  tasks:
    - name: collect-host facts
      check_point.mgmt.cp_mgmt_host_facts:
        details_level: standard
        limit: 50
        offset: 0

The result of the play-book will be:


PLAY [test] ****************************************************************
TASK [collect-host facts] ***************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 400
fatal: [chkp_sms]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_host_facts', init_globals=None, run_name='__main__', alter_sys=False)\n  File \"/usr/lib/python2.7/runpy.py\", line 192, in run_module\n    fname, loader, pkg_name)\n  File \"/usr/lib/python2.7/runpy.py\", line 72, in _run_code\n    exec code in run_globals\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py\", line 131, in <module>\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py\", line 126, in main\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 233, in api_call_facts\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", 
line 186, in handle_call\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 65, in send_request\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 400\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee 
stdout/stderr for the exact error", "rc": 1}
ok: [chkp-mgmt]

PLAY RECAP *****************************************************
chkp-mgmt                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
chkp_sms                   : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

This is the error I see in API.elg when using hostname with underscore (chkp_sms) in the name: Note the empty "X-Forwarded-Host=[]" value

2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
---------------------------- 
ID: 314
Address: http://127.0.0.1:55456/web_api/login
Encoding: UTF-8
Http-Method: POST
Content-Type: application/json
Headers: {accept-encoding=[identity], Authorization=[Basic YWRtaW46dnBuMTIz], connection=[keep-alive], Content-Length=[39], content-type=[application/json], Host=[127.0.0.1:55456], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.233.71]}
--------------------------------------
2020-11-09 11:17:06,062  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19951] - Outbound Message
---------------------------
ID: 314
Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 09 Nov 2020 10:17:06 GMT]}
Payload: {
  "code" : "generic_err_missing_required_header",
  "message" : "Invalid header: [X-Forwarded-Host]"
}

While using a dash sign in the hostname (chkp-mgmt) provides a successful login with correct X-Forwarded-Host header: Note the correct "X-Forwarded-Host=[chkp-mgmt:443]" value

2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
----------------------------
ID: 313
Address: http://127.0.0.1:55456/web_api/login
Encoding: UTF-8
Http-Method: POST
Content-Type: application/json
Headers: {accept-encoding=[identity], Authorization=[Basic YWRtaW46dnBuMTIz], connection=[keep-alive], Content-Length=[39], content-type=[application/json], Host=[127.0.0.1:55456], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[chkp-mgmt:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.233.71]}
2020-11-09 11:17:06,248  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19954] - Outbound Message
---------------------------
ID: 313
Response-Code: 200
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 09 Nov 2020 10:17:06 GMT]}
Payload: {
  "uid" : "1ee6cf05-4ace-48a3-a727-923bb0c38c3a",
  "sid" : "b8a0f09080510fced85e0ab5390225f9",
  "url" : "https://chkp-mgmt:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1604916630539,
    "iso-8601" : "2020-11-09T11:10+0100"
  },
  "api-server-version" : "1.7"
}
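
An added example, not part of the original comment or of any Check Point tooling: a small parser that pairs the inbound and outbound `/web_api/login` records of an API.elg excerpt by ID and reports the `X-Forwarded-Host` value next to the response code. The sample log is constructed from the excerpts above, with credential and session values replaced by placeholders; the function names are hypothetical.

```python
import json
import re

# Constructed sample modelled on the API.elg excerpts above; secrets are placeholders.
SAMPLE_LOG = """\
2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
----------------------------
ID: 314
Address: http://127.0.0.1:55456/web_api/login
Headers: {Authorization=[Basic REDACTED], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[], X-Forwarded-Host-Port=[443]}
--------------------------------------
2020-11-09 11:17:06,062  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19951] - Outbound Message
---------------------------
ID: 314
Response-Code: 400
Payload: {
  "code" : "generic_err_missing_required_header",
  "message" : "Invalid header: [X-Forwarded-Host]"
}
2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
----------------------------
ID: 313
Address: http://127.0.0.1:55456/web_api/login
Headers: {Authorization=[Basic REDACTED], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[chkp-mgmt:443], X-Forwarded-Host-Port=[443]}
2020-11-09 11:17:06,248  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19954] - Outbound Message
---------------------------
ID: 313
Response-Code: 200
Payload: {
  "uid" : "constructed-uid",
  "sid" : "constructed-sid"
}
"""

RECORD_START = re.compile(r"- (Inbound|Outbound) Message\s*$")
SEPARATOR = re.compile(r"^-{5,}\s*$")
HEADER_ITEM = re.compile(r"([\w-]+)=\[(.*?)\]")


def parse_records(text):
    """Split the log at each Inbound/Outbound marker; return one dict per record."""
    raw = []
    for line in text.splitlines():
        start = RECORD_START.search(line)
        if start:
            raw.append((start.group(1), []))
        elif raw and not SEPARATOR.match(line):
            raw[-1][1].append(line)
    return [_fields(direction, lines) for direction, lines in raw]


def _fields(direction, lines):
    rec = {"direction": direction, "headers": {}, "payload": {}}
    for i, line in enumerate(lines):
        key, sep, value = line.partition(": ")
        if key == "Headers":
            rec["headers"] = dict(HEADER_ITEM.findall(value))
        elif key == "Payload":
            try:  # the JSON body runs to the end of the record
                body = json.loads("\n".join([value] + lines[i + 1:]))
            except ValueError:
                body = None  # truncated or non-JSON body
            rec["payload"] = body if isinstance(body, dict) else {}
            break
        elif sep:
            rec[key] = value.strip()
    return rec


def login_exchanges(text):
    """Pair each /web_api/login request with its reply by message ID."""
    requests, out = {}, []
    for rec in parse_records(text):
        if rec["direction"] == "Inbound":
            requests[rec.get("ID")] = rec
            continue
        req = requests.pop(rec.get("ID"), None)
        if req and req.get("Address", "").endswith("/web_api/login"):
            out.append({
                "id": rec.get("ID"),
                "status": rec.get("Response-Code"),
                "error": rec["payload"].get("code"),
                "forwarded_host": req["headers"].get("X-Forwarded-Host"),
                "has_sid": "sid" in rec["payload"],
                "has_uid": "uid" in rec["payload"],
            })
    return out
```

Calling `login_exchanges(SAMPLE_LOG)` yields one row per login, so a rejected login with an empty `forwarded_host` stands apart from an accepted login that merely lacks `uid`.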

chkp-orso commented 3 years ago

Hi @justjais ,

Are you familiar with this issue?

justjais commented 3 years ago

@chkp-orso excuse me for the delayed response here, and WRT the issue, no, I haven't faced the issue.

BarrieAlmond commented 3 years ago

Hi @chkp-orso , I also have the same as CapAnsible. The module throws the "Server returned response without token info during connection authentication: 200" error unless line 63 in checkpoint.py is commented out. I believe it's because I'm connecting to a readonly/standby controller which isn't returning a uid field on login. Connecting to the active controller DOES return this value and the module works fine with that, but I specifically want to use the standby controller for the queries I want to perform. Is there any chance of an update which will allow connecting to standby controllers?

justjais commented 3 years ago

@BarrieAlmond can u share the complete verbose debug log of your play run, also can u confirm if your hostname has -.

BarrieAlmond commented 3 years ago

Hi @justjais , I'm connecting by IP so there's no - in the hostname. I've included the debug log though I've cut out some of the tasks from before it gets to the failure since they run locally and aren't relevant, and I've obscured some details for security. I've also included the output from login calls using cURL.

ansible-playbook 2.9.6 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3/dist-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0] Using /etc/ansible/ansible.cfg as config file setting up inventory plugins host_list declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method script declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method Parsed /home/username/checkpoint/inventory.yml inventory source with yaml plugin Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py

PLAYBOOK: playbookname.yml **Positional arguments: playbookname.yml verbosity: 4 connection: smart timeout: 10 become_method: sudo tags: ('all',) inventory: ('/home/username/checkpoint/inventory.yml',) forks: 5 1 plays in playbookname.yml

TASK [playbookname : taskname] ****task path: /home/username/checkpoint/roles/rolename/tasks/includes/include.yml:8 <172.17.12.126> attempting to start connection <172.17.12.126> using connection plugin httpapi <172.17.12.126> found existing local domain socket, using it! <172.17.12.126> updating play_context for connection <172.17.12.126> <172.17.12.126> local domain socket path is /home/username/.ansible/pc/51fee0a563 <172.17.12.126> ESTABLISH LOCAL CONNECTION FOR USER: username <172.17.12.126> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006" && echo ansible-tmp-1612191609.1128356-64660072670006="echo /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006" ) && sleep 0' Using module file /usr/lib/python3/dist-packages/ansible/modules/network/check_point/checkpoint_object_facts.py <172.17.12.126> PUT /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/tmpw4ri05y8 TO /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py <172.17.12.126> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/ /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py && sleep 0' <172.17.12.126> EXEC /bin/sh -c '/usr/bin/python3 /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py && sleep 0' <172.17.12.126> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/ > /dev/null 2>&1 && sleep 0' The full traceback is: Traceback (most recent call last): File 
"/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 102, in _ansiballz_main() File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True) File "/usr/lib/python3.8/runpy.py", line 207, in run_module return _run_module_code(code, init_globals, run_name, mod_spec) File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code _run_code(code, mod_globals, init_globals, File "/usr/lib/python3.8/runpy.py", line 87, in _run_code exec(code, run_globals) File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200 fatal: [checkpoint]: FAILED! 
=> { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py\", line 102, in \n _ansiballz_main()\n File \"/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)\n File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py\", line 116, in \n File \"/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py\", line 107, in main\n File \"/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py\", line 91, in get_object\n File \"/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection 
authentication: 200\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }

Output from logging in to the standby server using cURL:

{
  "sid" : "(value)",
  "url" : "https://standbyserver:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1612191618219,
    "iso-8601" : "2021-02-01T15:00+0000"
  },
  "read-only" : true,
  "standby" : true,
  "api-server-version" : "1.6"
}

Output from logging in to the active server using cURL:

{
  "uid" : "(value)",
  "sid" : "(value)",
  "url" : "https://activeserver:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1611565769368,
    "iso-8601" : "2021-01-25T09:09+0000"
  },
  "api-server-version" : "1.6"
}

As you can see, the active server returns a uid value, while the standby - the one I want to use - does not. I believe this is why commenting out the line mentioned earlier solves the problem with connecting to the standby.
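
An added example, not code from the collection or from anyone in this thread: one way a client can handle the three login replies quoted above, treating `sid` as required and `uid` as optional, and reporting the server's own error code on a non-200 reply. The function and constant names and the reply strings are constructed for illustration, and treating a missing `read-only` field as read-write is an assumption.

```python
import json


class LoginError(Exception):
    """Login failed; the message carries the HTTP status and API error code."""


def parse_login_response(status, body):
    """Turn a /web_api/login reply into session data.

    'sid' is required because it becomes the X-chkp-sid request header.
    'uid' is optional: the standby reply quoted in this thread has none.
    """
    try:
        data = json.loads(body)
    except ValueError:
        raise LoginError("HTTP %s: login reply is not JSON" % status)
    if not isinstance(data, dict):
        raise LoginError("HTTP %s: login reply is not a JSON object" % status)
    if status != 200:
        # Surface the server's own error instead of a generic token message.
        raise LoginError("HTTP %s: %s (%s)"
                         % (status, data.get("message"), data.get("code")))
    sid = data.get("sid")
    if not sid:
        raise LoginError("HTTP 200 but the login reply has no sid")
    return {
        "auth_headers": {"X-chkp-sid": sid},
        "session_uid": data.get("uid"),  # None on the standby reply
        # Assumption: a reply without a "read-only" field is read-write.
        "read_only": bool(data.get("read-only", False)),
        "standby": bool(data.get("standby", False)),
    }


# Constructed replies shaped like the cURL and API.elg output in this thread.
ACTIVE_REPLY = ('{"uid": "constructed-uid", "sid": "constructed-sid-a", '
                '"api-server-version": "1.6"}')
STANDBY_REPLY = ('{"sid": "constructed-sid-s", "read-only": true, '
                 '"standby": true, "api-server-version": "1.6"}')
REJECTED_REPLY = ('{"code": "generic_err_missing_required_header", '
                  '"message": "Invalid header: [X-Forwarded-Host]"}')


def describe(status, body):
    """One-line outcome for a login reply, for playbook debugging."""
    try:
        session = parse_login_response(status, body)
    except LoginError as exc:
        return "login failed: %s" % exc
    mode = "read-only" if session["read_only"] else "read-write"
    uid = session["session_uid"] or "none returned"
    return "login ok (%s, session uid: %s)" % (mode, uid)


if __name__ == "__main__":
    for status, body in ((200, ACTIVE_REPLY), (200, STANDBY_REPLY),
                         (400, REJECTED_REPLY)):
        print(describe(status, body))
```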

justjais commented 3 years ago

@BarrieAlmond Thanks for your quick response, for further triaging can u add ansible_connection=httpapi in your checkpoint inventory and share the debug verbose log again.

BarrieAlmond commented 3 years ago

Hi @justjais , no change I'm afraid. Here is the log, and at the bottom I've included my inventory.

ansible-playbook 2.9.6 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3/dist-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0] Using /etc/ansible/ansible.cfg as config file setting up inventory plugins host_list declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method script declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method Parsed /home/username/checkpoint/inventory.yml inventory source with yaml plugin Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py

PLAYBOOK: playbookname.yml *** Positional arguments: playbookname.yml verbosity: 4 connection: smart timeout: 10 become_method: sudo tags: ('all',) inventory: ('/home/username/checkpoint/inventory.yml',) forks: 5 1 plays in playbookname.yml

PLAY [Create CSV of Checkpoint objects requested for decom] ***** META: ran handlers

TASK [playbookname : taskname] ***** task path: /home/username/checkpoint/roles/rolename/tasks/includes/include.yml:8 <172.17.12.126> attempting to start connection <172.17.12.126> using connection plugin httpapi <172.17.12.126> found existing local domain socket, using it! <172.17.12.126> updating play_context for connection <172.17.12.126> <172.17.12.126> local domain socket path is /home/username/.ansible/pc/d27ffcd652 <172.17.12.126> ESTABLISH LOCAL CONNECTION FOR USER: username <172.17.12.126> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155" && echo ansible-tmp-1612194562.4706943-67164519766155="echo /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155" ) && sleep 0' Using module file /usr/lib/python3/dist-packages/ansible/modules/network/check_point/checkpoint_object_facts.py <172.17.12.126> PUT /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/tmpo_6wj1cx TO /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py <172.17.12.126> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/ /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py && sleep 0' <172.17.12.126> EXEC /bin/sh -c '/usr/bin/python3 /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py && sleep 0' <172.17.12.126> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/ > /dev/null 2>&1 && sleep 0' The full traceback is: Traceback (most recent call last): File 
"/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 102, in _ansiballz_main() File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True) File "/usr/lib/python3.8/runpy.py", line 207, in run_module return _run_module_code(code, init_globals, run_name, mod_spec) File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code _run_code(code, mod_globals, init_globals, File "/usr/lib/python3.8/runpy.py", line 87, in _run_code exec(code, run_globals) File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200 fatal: [checkpoint]: FAILED! 
=> { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py\", line 102, in \n _ansiballz_main()\n File \"/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)\n File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py\", line 116, in \n File \"/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py\", line 107, in main\n File \"/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py\", line 91, in get_object\n File \"/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection 
authentication: 200\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }

all:
  hosts:
    checkpoint:
      ansible_host: ipaddress
      ansible_httpapi_use_ssl: True
      ansible_httpapi_validate_certs: False
      ansible_network_os: check_point.mgmt.checkpoint
      ansible_user: username
      ansible_password: password
      ansible_connection: httpapi

justjais commented 3 years ago

@BarrieAlmond can u share your complete play as well for me to triage from my end, Thanks.

BarrieAlmond commented 3 years ago

Hi @justjais , the play I've been using is quite complex but any basic play will fail if that one line in checkpoint.py isn't commented out. This one for example will work if the line is commented out, but give the above error with the default collection files...apologies if the yaml formatting gets mangled:


justjais commented 3 years ago

@BarrieAlmond were you able to get past the particular issue ?

BarrieAlmond commented 3 years ago

@justjais Only with the tweak detailed above by CapAnsible of commenting out line 63 in checkpoint.py (httpapi in collections). It would be nice if this could be officially incorporated in to the code if there is no other/better solution.

dapLinux commented 2 years ago

Hey @justjais, just stumbled over this issue while trying the exact simple playbook @BarrieAlmond mentioned above. I just wanted some facts from host objects.

I ran into the same error when connecting with a user who has only read permissions. This also works with the workaround by commenting out line 65 in ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py.

When connecting as a user who has read/write permissions, the playbook is executed successfully without commenting out the line in connection.py.

Maybe this helps getting this issue sorted out.