checkpointsw / checkpointansiblegaiacollection Goto Github PK
View Code? Open in Web Editor NEWAn Ansible collection provides control over a Check Point machine using Check Point's web-services APIs.
checkpointansiblegaiacollection's People
Contributors
Stargazers
Watchers
Forkers
anshulbehl rdarst nitzanefdome9 damindap stan-hardter hwahab chkp-majds arw-thomasm thedoubl3j stephanblanke bob-zimmerman chkp-ameera netscrapd oranod chkp-roital chkp-ophirk duanetoler katgalraghucheckpointansiblegaiacollection's Issues
Docs site error
On this URL https://galaxy.ansible.com/check_point/gaia when you click on "docs site" you go on inexisting url.
regards
Questions: HowTo
I don't find any documentation so i ask here for information.
I am looking to gaia eguivalent commands to console ones.
How for example with ansible gaia collection can i get the following informations i get currently with the ssh terminal:
- disk space free like with this console command : df -h
- number of tunneling channels: like with this console command "fw tab -s -t userc_users "
- cluster status info like these console commands:
- cphaprob state
- cphaprob -a if
- cphaprob -i list
- interfaces infos like with this console command: show interface
regards
Module: cp_gaia_password_policy.py does not allow to input "never" as str for password_expiration_days
Hi Guys
Nice work with this Collection
Is it possible to add option to add string "never" for:
password_expiration_days and password_expiration_maximum_days_before_lock to allow to revert to default config?
Like this:
password-expiration-days # Password expiration lifetime, default value is 'never'
integer:
Valid values are 60-604800
or
string:
Optional arguments: never
The same goes for password_expiration_maximum_days_before_lock
Any plans to extend this?
Hi,
Ar there any plans to extend this?
It seems only a limited set of the GAIA REST API command is included.
Are you willing to accept contributions from others to extend it?
Try to use run_script module: output is unreadable
Hi, I open this issue because i'm unable to read the output when I execute "scripts" using the run_script module.
- check_point.gaia: 4.0.0
- Checkpoint appliance version: R80.30
- ansible version: core 2.13.3
- python version: 3.10.5
first heres an extract of my inventory file:
Checkpoint:
hosts:
CPHOST1:
ansible_host: 10.X.X.X
ansible_user: admin
#ansible_port: 22
ansible_password: XXXXXXX
ansible_network_os: check_point.gaia.checkpoint
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: falseHeres my playbook with a module to show CP version that works and the other to just do a "ls"
- name: Backup CHECKPOINT Firewalls
hosts: Checkpoint
connection: httpapi
gather_facts: false
collections:
- check_point.gaia
vars:
backup_folder: "{{ lookup('env', 'HOME') }}/Documents/ansible/BACKUPS"
ansible_network_os: check_point.gaia.checkpoint
tags:
- backup_cp
tasks:
- debug:
var: hostvars[inventory_hostname]
- name: SHOW VERSION
cp_gaia_version_facts:
- name: RUN-SCRIPT
cp_gaia_run_script:
script: "ls -la"
heres the ansible command that i run:
ansible-playbook -i inventory.yaml playbook_cp.yaml
And heres the output with verbose option:
PLAY [Backup CHECKPOINT Firewalls] *************************************************************************************************
META: ran handlers
TASK [debug] ***********************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:109
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
ok: [CPHOST1] => {
"hostvars[inventory_hostname]": {
"ansible_check_mode": false,
"ansible_config_file": null,
"ansible_diff_mode": false,
"ansible_facts": {},
"ansible_forks": 5,
"ansible_host": "10.X.X.X",
"ansible_httpapi_use_ssl": true,
"ansible_httpapi_validate_certs": false,
"ansible_inventory_sources": [
"/root/Documents/ansible/inventory2.yaml"
],
"ansible_network_os": "check_point.gaia.checkpoint",
"ansible_password": "XXXXXXXXX",
"ansible_playbook_python": "/usr/local/python/bin/python3.10",
"ansible_run_tags": [
"backup_cp"
],
"ansible_skip_tags": [],
"ansible_user": "admin",
"ansible_verbosity": 3,
"ansible_version": {
"full": "2.13.3",
"major": 2,
"minor": 13,
"revision": 3,
"string": "2.13.3"
},
"group_names": [
"Checkpoint"
],
"groups": {
XXXXXX
"ungrouped": []
},
"inventory_dir": "/root/Documents/ansible",
"inventory_file": "/root/Documents/ansible/inventory2.yaml",
"inventory_hostname": "CPHOST1",
"inventory_hostname_short": "CPHOST1",
"omit": "__omit_place_holder__3badb8a7dc00dc46a19acf16b8009fb5c2694515",
"playbook_dir": "/root/Documents/ansible"
}
}
TASK [SHOW VERSION] ****************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:112
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<10.X.X.X> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.X.X.X> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612 `" && echo ansible-tmp-1661446015.509898-43784-184291448021612="` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612 `" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_version_facts.py
<10.X.X.X> PUT /root/.ansible/tmp/ansible-local-43768hu_qnwmb/tmphjkw7d_j TO /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py
<10.X.X.X> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/ /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c '/usr/local/python/bin/python3.10 /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/ > /dev/null 2>&1 && sleep 0'
ok: [CPHOST1] => {
"ansible_facts": {
"os_build": "326",
"os_edition": "64-bit",
"os_kernel_version": "3.10.0-693cpx86_64",
"product_version": "Check Point Gaia R80.30"
},
"changed": false,
"invocation": {
"module_args": {}
}
}
TASK [RUN-SCRIPT] ******************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:115
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<10.X.X.X> ESTABLISH HTTP(S) CONNECTFOR USER: admin TO https://10.X.X.X:443
<10.X.X.X> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.X.X.X> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633 `" && echo ansible-tmp-1661446019.5531673-43806-222912190976633="` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633 `" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_run_script.py
<10.X.X.X> PUT /root/.ansible/tmp/ansible-local-43768hu_qnwmb/tmpi_0fa6sy TO /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py
<10.X.X.X> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/ /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c '/usr/local/python/bin/python3.10 /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/ > /dev/null 2>&1 && sleep 0'
changed: [CPHOST1] => {
"changed": true,
"invocation": {
"module_args": {
"args": null,
"description": null,
"environment_variables": [
{
"name": "VAR_NAME",
"value": "VAR_VALUE"
}
],
"script": "ls -la",
"wait_for_task": true
}
},
"run_script": {
"tasks": [
{
"execution-time": "0.02",
"last-update-time": "2022-08-25T18:51+0200",
"progress-description": "succeeded",
"progress-percentage": 100,
"start-time": "2022-08-25T18:51+0200",
"status": "succeeded",
"status-code": 200,
"task-details": [
{
"error": "",
"output": "dG90YWwgMTg3MjQKZHJ3eHJ3eHJ3dCAgNiBhZG1pbiByb290ICAgICAgICAyMjYgQXVnIDI1IDE4OjUxIC4KZHJ3eHIteHIteCAyMCBhZG1pbiByb290ICAgICAgICAyNzMgSnVsIDI5IDE3OjU5IC4uCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgIDQ1MTI1IEF1ZyAyNSAxNTo1MCBOb25lCmRyd3hyd3gtLS0gIDMgYWRtaW4gcm9vdCAgICAgICAgIDI1IEp1bCAgNiAxNzoyNSBhcGkKZHJ3eC0tLS0tLSAgMiBhZG1pbiByb290ICAgICAgICAgIDYgSmFuIDI5ICAyMDIxIGNwcmlkCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgICA4NzU0IEF1ZyAyNSAxODo0NiBkdW1wLnJkYgotcnctci0tci0tICAxIGFkbWluIGNvbmZpZyAgICAgICAyMSBBdWcgMjUgMTg6NTEgZ2FpYUxhc3RMb2dpbgpkcnd4LS0tLS0tICAzIGFkbWluIHJvb3QgICAgICAgIDEyNiBKdW4gMTYgIDIwMjEgaXBzCi1ydy1ydy1yLS0gIDEgYWRtaW4gY29uZmlnICAgICAxMzM0IEF1ZyAgMyAxNTo1MCBteV9wb2xpY3kyLnBvbAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBGZWIgMTIgIDIwMjEgcnBtLXRtcC40NTM5MAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNTI1NCBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOQotcnctci0tci0tICAxIGFkbWluIHJvb3QgICAxOTA3ODc0OCBKdW4gMTYgIDIwMjEgc2RfdXBkYXRlcy51cGYKZHJ3eHIteHIteCAgMiBhZG1pbiByb290ICAgICAgICAgMjQgQXVnIDE2ICAyMDIxIHRtcApzcnd4ci14ci14ICAxIGFkbWluIGNvbmZpZyAgICAgICAgMCBBdWcgIDMgMTU6NTAgdWRzX3NvY2tldA==",
"return-value": 0
}
],
"task-id": "cca7929b-a945-45d9-a212-2558f4b7167b",
"task-name": "/run-script",
"time-spent-in-queue": "0.01"
}
]
}
}
META: ran handlers
META: ran handlers
PLAY RECAP *************************************************************************************************************************
CPHOST1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The output is unreadable. Is it a bug ? Which command could work ? Should I be using a .sh script instead ?
"output": "dG90YWwgMTg3MjQKZHJ3eHJ3eHJ3dCAgNiBhZG1pbiByb290ICAgICAgICAyMjYgQXVnIDI1IDE4OjUxIC4KZHJ3eHIteHIteCAyMCBhZG1pbiByb290ICAgICAgICAyNzMgSnVsIDI5IDE3OjU5IC4uCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgIDQ1MTI1IEF1ZyAyNSAxNTo1MCBOb25lCmRyd3hyd3gtLS0gIDMgYWRtaW4gcm9vdCAgICAgICAgIDI1IEp1bCAgNiAxNzoyNSBhcGkKZHJ3eC0tLS0tLSAgMiBhZG1pbiByb290ICAgICAgICAgIDYgSmFuIDI5ICAyMDIxIGNwcmlkCi1ydy1yLS1yLS0gIDEgYWRtaW4gcm9vdCAgICAgICA4NzU0IEF1ZyAyNSAxODo0NiBkdW1wLnJkYgotcnctci0tci0tICAxIGFkbWluIGNvbmZpZyAgICAgICAyMSBBdWcgMjUgMTg6NTEgZ2FpYUxhc3RMb2dpbgpkcnd4LS0tLS0tICAzIGFkbWluIHJvb3QgICAgICAgIDEyNiBKdW4gMTYgIDIwMjEgaXBzCi1ydy1ydy1yLS0gIDEgYWRtaW4gY29uZmlnICAgICAxMzM0IEF1ZyAgMyAxNTo1MCBteV9wb2xpY3kyLnBvbAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBGZWIgMTIgIDIwMjEgcnBtLXRtcC40NTM5MAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNDQ2MyBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOAotcnctcnctLS0tICAxIGFkbWluIHJvb3QgICAgICAgNTI1NCBKYW4gIDcgIDIwMjEgcnBtLXRtcC44MDkwOQotcnctci0tci0tICAxIGFkbWluIHJvb3QgICAxOTA3ODc0OCBKdW4gMTYgIDIwMjEgc2RfdXBkYXRlcy51cGYKZHJ3eHIteHIteCAgMiBhZG1pbiByb290ICAgICAgICAgMjQgQXVnIDE2ICAyMDIxIHRtcApzcnd4ci14ci14ICAxIGFkbWluIGNvbmZpZyAgICAgICAgMCBBdWcgIDMgMTU6NTAgdWRzX3NvY2tldA==",
Error in playbook example?
I think there is an error in the playbook example:
---
- name: playbook name
hosts: check_point
connection: httpapi
tasks:
- name: task to have network
check_point.mgmt.cp_gaia_hostname:
name: "newhost"
I think it shoud be:
---
- name: playbook name
hosts: check_point
connection: httpapi
tasks:
- name: task to have network
check_point.gaia.cp_gaia_hostname:
name: "newhost"
check_point.gaia.cp_gaia_physical_interfaces_facts: TypeError: string indices must be integers
Subject
unable to use check_point.gaia.cp_gaia_physical_interfaces_facts
Environment
ansible 2.9.24
python version = 3.6.8 (default, May 6 2020, 12:04:35) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
ansible.netcommon collection: "version": "2.6.1",
check_point.gaia : "version": "2.0.0",
#Inventory
ansible_network_os: check_point.gaia.checkpoint
ansible_connection: ansible.netcommon.httpapi
Command
ansible -i my-inventory.yml mydevice -m check_point.gaia.cp_gaia_physical_interfaces_facts -e 'ansible_python_interpreter=python3'
Results
2022-05-13 09:05:18,279 p=80811 umyaccount n=ansible | Using module file /usr/share/ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_physical_interfaces_facts.py
2022-05-13 09:05:18,280 p=80811 umyaccount n=ansible | PUT /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/tmpf7ivmq9j TO /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.
684108-80811-94927829950467/AnsiballZ_cp_gaia_physical_interfaces_facts.py
2022-05-13 09:05:18,305 p=80811 umyaccount n=ansible | EXEC /bin/sh -c 'chmod u+x /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.684108-80811-94927829950467/ /home/w23960p/.ans
ible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.684108-80811-94927829950467/AnsiballZ_cp_gaia_physical_interfaces_facts.py && sleep 0'
2022-05-13 09:05:18,330 p=80811 umyaccount n=ansible | EXEC /bin/sh -c 'python3 /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.684108-80811-94927829950467/AnsiballZ_cp_gaia_phy
sical_interfaces_facts.py && sleep 0'
2022-05-13 09:05:18,794 p=81499 umyaccount n=ansible | Traceback (most recent call last):
File "/home/w23960p/venv3_6/lib64/python3.6/site-packages/ansible/utils/jsonrpc.py", line 45, in handle_request
result = rpc_method(*args, **kwargs)
File "/usr/share/ansible/collections/ansible_collections/check_point/gaia/plugins/httpapi/checkpoint.py", line 68, in send_request
response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)
File "/home/w23960p/venv3_6/lib64/python3.6/site-packages/ansible/plugins/connection/init.py", line 34, in wrapped
self._connect()
File "/usr/share/ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/httpapi.py", line 260, in _connect
self.get_option("remote_user"), self.get_option("password")
File "/usr/share/ansible/collections/ansible_collections/check_point/gaia/plugins/httpapi/checkpoint.py", line 50, in login
self.connection._auth = {'X-chkp-sid': response_data['sid']}
TypeError: string indices must be integers
Tag v5.0.1 not present in GitHub, but present in Ansible Galaxy
As stated, the version 5.0.1, as available through Ansible Galaxy is not present in this GitHub repository.
https://galaxy.ansible.com/ui/repo/published/check_point/gaia/
As we can see, the latest version on the repo as of today is 5.0.0.
Missing meta data
Dear Developer,
For readability and Search Engine Optimization (SEO) it would be great if you could do the followings:
- Please provide more than 8 words in the "About" field
- Please provide relevant "Topics"
Environment topic examples:
azure, aws, gcp
Functionality topic examples:
build, deploy, staging, operate, terraform, ansible, helm, android, cloudguardIaaS, management, gaia, threat-prevention, identity-awareness, smp, iot, cloudguard-connect, cloudguard-dome9, malware, evasion
VSX support
Hi,
I'd like to know if this module is supported for VSX clusters. I'm not entirely sure that the Gaia API is available for VSX, did a quick google search and found nothing.
Do you know if this is supported on VSX clusters? Is there another way to quickly gather information on the interfaces of a VSX cluster or, ideally, per VS?
Thanks!
Feature request - SNMP module
Good day,
Would be nice to be able to configure snmp on the gateways with an ansible module.
Both for virtual systems and physical gateways.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.