search

CheckPointSW / CheckPointAnsibleMgmtCollection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
https://galaxy.ansible.com/check_point/mgmt
Apache License 2.0
40 stars 30 forks source link

The domain variable is not being updated in the module check_point.mgmt.cp_mgmt_install_policy #73

Closed Alffernandez closed 1 year ago

Alffernandez commented 2 years ago

When execute a playbook with domainA and domainB, the module seems to be stuck with the value of domainA when we try to use domainB, causing it to not find the policies, vsx, etc. However if we launch a test with domainB and domainA, the opposite happens, it stays with the value of domainB and fails when dealing with elements of domainA.

"msg": "Checkpoint device returned error 400 with message {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [targets]. Input installation target [VSX_2] does not exist, or is not an installable target'} Unpublished changes were discarded"

"msg": "Checkpoint device returned error 404 with message {'code': 'generic_err_object_not_found', 'message': 'Requested object [Policy_3] not found'} Unpublished changes were discarded"

We have already used this module and others from the checkpoint collection, and so far we have only used 1 playbook - 1 domain. The current case is 1 playbook - n domains.

ansible version: 2.9.4 check_point.mgmt version: 2.0.0

Playbooks

---
case_name: example case
controllers:
  - controller_name: check_point1
    controller_ip: x.x.x.x
    domains:
      - domain_name: Domain_1
        policy: "Policy_1"
        vsxs: ["VSX_1"]
      - domain_name: Domain_2
        policy: "Policy_2"
        vsxs: ["VSX_2"]
      - domain_name: Domain_2
        policy: "Policy_3"
        vsxs: ["VSX_2"]
    version: "R80.20"
---
- name: Playbook for install policy over domains
  hosts: all
  gather_facts: no

  tasks:
    - name: show_controllers data
      debug:
        msg: "{{ controllers }}"

    # Loop over each domain and install given policy
    - name: "install-policy on {{ item.domain_name }} domain and {{ item.vsxs }} vsx"
      check_point.mgmt.cp_mgmt_install_policy:
        access: true
        install_on_all_cluster_members_or_fail: yes
        wait_for_task: yes
        wait_for_task_timeout: 1
        policy_package: "{{ item.policy }}"
        targets: "{{ item.vsxs }}"
      vars:
        ansible_checkpoint_domain: "{{ item.domain_name }}"
      loop: "{{ controllers[0]['domains'] }}"
chkp-shirango commented 2 years ago

Hi @Alffernandez,

Please try to add all your domains under one group in the hosts file and use it in the playbook. Hosts: image Playbook: image

Thanks, Shiran