gabstopper / ansible-stonesoft

Ansible libraries for automating Stonesoft FW Management
Apache License 2.0

SMC 6.2 issue with L3fw_cluster #2

Closed meandus closed 6 years ago

meandus commented 6 years ago

Hi,

After trying to play your playbook on my SMC 6.2.2 I had this issue

The full traceback is:

Traceback (most recent call last):
  File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 428, in <module>
    main()
  File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 425, in main
    StonesoftCluster()
  File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 235, in __init__
    super(StonesoftCluster, self).__init__(self.module_args, supports_check_mode=True)
  File "/tmp/ansible_JUiDdH/ansible_modlib.zip/ansible/module_utils/stonesoft_util.py", line 299, in __init__
  File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 292, in exec_module
    engine = FirewallCluster.create(**management)
TypeError: create() takes at least 7 arguments (11 given)

fatal: [localhost]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 428, in \n main()\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 425, in main\n StonesoftCluster()\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 235, in init\n super(StonesoftCluster, self).init(self.module_args, supports_check_mode=True)\n File \"/tmp/ansible_JUiDdH/ansible_modlib.zip/ansible/module_utils/stonesoft_util.py\", line 299, in init\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 292, in exec_module\n engine = FirewallCluster.create(**management)\nTypeError: create() takes at least 7 arguments (11 given)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0

I played l3fw_cluster.yml

gabstopper commented 6 years ago

Hi meandus, The current playbook/module has changed, I will be posting a new dev release in the next day which will work. The current has some new requirements around the latest smc-python release. Will post instructions back as well. By the way, which version of smc-python are you using?

meandus commented 6 years ago

I'm currently using the latest one from master, so 0.60 or 0.61, right?

Have you made some tries with the latest release of SMC 6.3.2?

I would also like to create an Autonomous System object with a 32-bit ASN (conversion needed to store 65000.65015 as a decimal number in SMC). Do you know the function to do this step?

I can open a new case for this if you prefer.

RÉMY POUCHAIN.

gabstopper commented 6 years ago

Hi Remy, That would make sense as the l3_cluster playbook is stale on the repo, I'll upload a new version today. I've updated the smc-python API to better support ansible cases where elements can be created all at once (i.e. engines with many interfaces) rather than having interfaces being done after the initial connection. This has proven to be much more efficient and also provides the positive side effect that if an engine creation fails, it cannot leave a partially configured engine in the SMC. That would happen in the previous case where you might create an engine, then it fails on creating one of the interfaces.

For the BGP AS, there is not currently a function (not in SMC either), but so I understand correctly, you would use the "asdot" format to specify the AS and have this converted to decimal for SMC.

meandus commented 6 years ago

Hi David

Better is to push in ansible an asdot format, yes.

Thanks for the update.

For bgp there is a specific object for asn in the dynamic routing section.

RÉMY POUCHAIN

gabstopper commented 6 years ago

Hi Remy, I have added a function to convert an 'asdot' formatted BGP ASN to the smc.routing.bgp.AutonomousSystem class of smc-python. Ansible requires this library to perform all actions. Creating an AS in smc-python is as easy as:

from smc.routing.bgp import AutonomousSystem
AutonomousSystem.create(name='fooas', as_number='200.600')

If you download the latest dev build pushed from now forward, you will have this functionality and it is then supported in ansible.

I have also updated the ansible repo, please try the l3_cluster playbook example.

BGP configurations can be done using the bgp.yml example. You can change the as_number to dotted syntax.

Also, please check engine_facts.yml, there is an example that I'm experimenting with where you can pull the engine back down in yaml format which allows for modifications after a fetch of the current engine state.
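The asdot-to-decimal conversion discussed in this thread, as an added example that is not smc-python's own implementation; the function names `asn_to_asplain` and `asplain_to_asdot` are hypothetical. It also rejects the float that an unquoted dotted `as_number` turns into when a playbook's YAML is loaded, since that would otherwise configure the wrong AS without any error.

```python
import re

MAX_ASN = 2**32 - 1
_ASDOT = re.compile(r"([0-9]{1,5})\.([0-9]{1,5})")
_ASPLAIN = re.compile(r"[0-9]{1,10}")


def asn_to_asplain(value):
    """Normalise an asplain or asdot ASN to a decimal integer."""
    # Unquoted `as_number: 200.600` in YAML loads as the float 200.6, which
    # would silently be read as AS 200.6; refuse it instead of guessing.
    if isinstance(value, (float, bool)):
        raise ValueError("quote dotted ASNs in YAML, got %r" % (value,))
    text = str(value).strip()
    dotted = _ASDOT.fullmatch(text)
    if dotted:
        high, low = int(dotted.group(1)), int(dotted.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError("each asdot half must be 0-65535: %r" % text)
        return (high << 16) | low
    if _ASPLAIN.fullmatch(text) and int(text) <= MAX_ASN:
        return int(text)
    raise ValueError("not a valid asplain or asdot ASN: %r" % text)


def asplain_to_asdot(number):
    """Render a decimal ASN in asdot notation (plain decimal below 65536)."""
    if isinstance(number, bool) or not isinstance(number, int):
        raise ValueError("ASN must be an integer, got %r" % (number,))
    if not 0 <= number <= MAX_ASN:
        raise ValueError("ASN out of 32-bit range: %r" % number)
    high, low = divmod(number, 1 << 16)
    return "%d.%d" % (high, low) if high else str(low)


if __name__ == "__main__":
    # Sample values taken from the thread, plus a plain 16-bit ASN.
    for sample in ("200.600", "65000.65015", 65000):
        print(sample, "->", asn_to_asplain(sample))
```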

meandus commented 6 years ago

Hi David,

Thanks a lot for that :) you are pretty efficient.

My goal is to build a full configuration from scratch for route based vpn with bgp. I did the same for underlay on cisco.

Thanks a lot for all your actions

RÉMY POUCHAIN.

gabstopper commented 6 years ago

Ok, that's great. One of the original intents was to allow ansible management for quick spin up, especially complex configurations like RBVPN. In addition, quick spin up is important to better support cloud ops as well. Let me know how you get on. Seems I have a small bug in route_vpn.yml to create the RBVPN, I'll fix shortly and repost. Otherwise the 3 playbooks (you can combine into one) will allow you to fully create the whole configuration (including the remote RBVPN gateways).

meandus commented 6 years ago

Hi David,

Is it possible to add on ansible: capacity to choose Location, control primary & backup, snmp agent during cluster creation?

Cvi_mode: standby does not work. When I'm checking the firewall: still balancing.

But all the rest works perfectly

RÉMY POUCHAIN.

gabstopper commented 6 years ago

Hi Remy, Yes, I will add that and have a new version ready for Monday latest. I was just thinking about that as well. Currently only primary_mgt is available to set the management interface ID.

gabstopper commented 6 years ago

Hi Remy, I will close this as commit @3bb9eca resolves these issues.