Closed tuxonfire closed 2 months ago
Hi @tuxonfire, please share the playbook and the rule you are trying to edit.
Thanks, Eden
Hi @chkp-edenbr, the error is happening randomly: the higher the number of objects, the longer it takes to modify the rule, and then we get the error.
```yaml
- name: "set-access-rule"
  check_point.mgmt.cp_mgmt_access_rule:
    layer: "{{ network_layer }}"
    name: "{{ rule_uid }}" # this is the entry point and can be uuid
    comments: "{{ comments }}"
    position: "{{ position_rule }}"
    source: "{{ source }}"
    source_negate: "{{ source_negate }}"
    destination: "{{ destination }}"
    destination_negate: "{{ destination_negate }}"
    service: "{{ service }}"
    service_negate: "{{ service_negate }}"
    action: "{{ action }}"
    state: present
    track:
      type: "{{ type | default(omit) }}"
    auto_publish_session: yes
    wait_for_task: yes
    # wait_for_task_timeout: 5 # minutes
  register: set_acces_rule_output
  # ignore_errors: yes
  retries: "{{ retries_role_var }}"
  delay: "{{ delay_role_var }}"
  until: set_acces_rule_output is not failed
```
Hi @tuxonfire,
Which version of Ansible and our collection are you using?
We do not support uuids in our Ansible collection. As specified in the check_point.mgmt.cp_mgmt_access_rule module, the 'name' argument accepts the object's name (if you set the object's name to be its uuid then that's OK).
Also, why use the retries, delay & until params? The command shouldn't fail, and if it has then you should regard the error message. Furthermore, for better performance, it is recommended to publish a number of changes rather than each change.
Once the error occurs, please send me the following log files that reside in the following path /var/log/opt/CPsuite-R81.20/fw1/log/: api.elg, api.csv, cpm.elg
My mail - edenbr@checkpoint.com
Thanks, Eden
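An added example, not posted by anyone in this thread and not taken from the collection's documentation: one way to follow the recommendation above to publish a number of changes together, with `auto_publish_session` turned off, a single `cp_mgmt_publish` at the end, and a `cp_mgmt_discard` if any rule fails. The inventory group, layer, rule names and objects are constructed sample values, and credentials are assumed to come from the inventory.

```yaml
- name: Update several access rules and publish once
  hosts: check_point_mgmt            # assumed inventory group name
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: check_point.mgmt.checkpoint
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true
    ansible_command_timeout: 300     # seconds, same value as tried in the thread
    ansible_connect_timeout: 300
    network_layer: "Network"         # constructed sample value
    rules:                           # constructed sample data
      - name: "allow-web"
        position: 1
        source: ["net-clients"]
        destination: ["web-servers"]
        service: ["https"]
        action: "Accept"
      - name: "allow-dns"
        position: 2
        source: ["net-clients"]
        destination: ["dns-servers"]
        service: ["dns"]
        action: "Accept"
  tasks:
    - name: Apply all rule changes in one session
      block:
        - name: Set each access rule without publishing
          check_point.mgmt.cp_mgmt_access_rule:
            layer: "{{ network_layer }}"
            name: "{{ item.name }}"  # object name, not a uuid
            position: "{{ item.position }}"
            source: "{{ item.source }}"
            destination: "{{ item.destination }}"
            service: "{{ item.service }}"
            action: "{{ item.action }}"
            state: present
            auto_publish_session: false
          loop: "{{ rules }}"
          loop_control:
            label: "{{ item.name }}"
        - name: Publish every change made above in one operation
          check_point.mgmt.cp_mgmt_publish:
      rescue:
        - name: Drop the unpublished changes so nothing stays half-applied
          check_point.mgmt.cp_mgmt_discard:
        - name: Stop and surface the original error instead of retrying
          ansible.builtin.fail:
            msg: "Rule update failed; session discarded. Check api.elg and cpm.elg."
```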
The following check_point.mgmt.cp_mgmt_access_rule task gives a timeout, even when the timeouts have been increased to connect_timeout=300 as well as command_timeout=300. It gives the following exception when it modifies an already existing rule: