checkpointsw / checkpointansiblegaiacollection
An Ansible collection provides control over a Check Point machine using Check Point's web-services APIs.
On this URL https://galaxy.ansible.com/check_point/gaia, when you click on "docs site" you go to a nonexistent URL.
regards
I don't find any documentation, so I ask here for information.
I am looking for the gaia equivalents of the console commands.
How, for example, with the Ansible gaia collection can I get the following information that I currently get with the SSH terminal:
regards
Hi Guys
Nice work with this Collection
Is it possible to add an option to accept the string "never" for:
password_expiration_days and password_expiration_maximum_days_before_lock to allow to revert to default config?
Like this:
password-expiration-days # Password expiration lifetime, default value is 'never'
integer:
Valid values are 60-604800
or
string:
Optional arguments: never
The same goes for password_expiration_maximum_days_before_lock
Hi,
Are there any plans to extend this?
It seems only a limited set of the GAIA REST API commands is included.
Are you willing to accept contributions from others to extend it?
Hi, I open this issue because I'm unable to read the output when I execute "scripts" using the run_script module.
First, here's an extract of my inventory file:
Checkpoint:
  hosts:
    CPHOST1:
      ansible_host: 10.X.X.X
      ansible_user: admin
      #ansible_port: 22
      ansible_password: XXXXXXX
      ansible_network_os: check_point.gaia.checkpoint
      ansible_httpapi_use_ssl: true
      ansible_httpapi_validate_certs: false
Here's my playbook, with one module to show the CP version, which works, and the other to just do an "ls":
- name: Backup CHECKPOINT Firewalls
  hosts: Checkpoint
  connection: httpapi
  gather_facts: false
  collections:
    - check_point.gaia
  vars:
    backup_folder: "{{ lookup('env', 'HOME') }}/Documents/ansible/BACKUPS"
    ansible_network_os: check_point.gaia.checkpoint
  tags:
    - backup_cp
  tasks:
    - debug:
        var: hostvars[inventory_hostname]
    - name: SHOW VERSION
      cp_gaia_version_facts:
    - name: RUN-SCRIPT
      cp_gaia_run_script:
        script: "ls -la"
Here's the ansible command that I run:
ansible-playbook -i inventory.yaml playbook_cp.yaml
And here's the output with the verbose option:
PLAY [Backup CHECKPOINT Firewalls] *************************************************************************************************
META: ran handlers
TASK [debug] ***********************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:109
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
ok: [CPHOST1] => {
"hostvars[inventory_hostname]": {
"ansible_check_mode": false,
"ansible_config_file": null,
"ansible_diff_mode": false,
"ansible_facts": {},
"ansible_forks": 5,
"ansible_host": "10.X.X.X",
"ansible_httpapi_use_ssl": true,
"ansible_httpapi_validate_certs": false,
"ansible_inventory_sources": [
"/root/Documents/ansible/inventory2.yaml"
],
"ansible_network_os": "check_point.gaia.checkpoint",
"ansible_password": "XXXXXXXXX",
"ansible_playbook_python": "/usr/local/python/bin/python3.10",
"ansible_run_tags": [
"backup_cp"
],
"ansible_skip_tags": [],
"ansible_user": "admin",
"ansible_verbosity": 3,
"ansible_version": {
"full": "2.13.3",
"major": 2,
"minor": 13,
"revision": 3,
"string": "2.13.3"
},
"group_names": [
"Checkpoint"
],
"groups": {
XXXXXX
"ungrouped": []
},
"inventory_dir": "/root/Documents/ansible",
"inventory_file": "/root/Documents/ansible/inventory2.yaml",
"inventory_hostname": "CPHOST1",
"inventory_hostname_short": "CPHOST1",
"omit": "__omit_place_holder__3badb8a7dc00dc46a19acf16b8009fb5c2694515",
"playbook_dir": "/root/Documents/ansible"
}
}
TASK [SHOW VERSION] ****************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:112
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<10.X.X.X> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.X.X.X> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612 `" && echo ansible-tmp-1661446015.509898-43784-184291448021612="` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612 `" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_version_facts.py
<10.X.X.X> PUT /root/.ansible/tmp/ansible-local-43768hu_qnwmb/tmphjkw7d_j TO /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py
<10.X.X.X> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/ /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c '/usr/local/python/bin/python3.10 /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/AnsiballZ_cp_gaia_version_facts.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446015.509898-43784-184291448021612/ > /dev/null 2>&1 && sleep 0'
ok: [CPHOST1] => {
"ansible_facts": {
"os_build": "326",
"os_edition": "64-bit",
"os_kernel_version": "3.10.0-693cpx86_64",
"product_version": "Check Point Gaia R80.30"
},
"changed": false,
"invocation": {
"module_args": {}
}
}
TASK [RUN-SCRIPT] ******************************************************************************************************************
task path: /root/Documents/ansible/backup_cla_cp.yaml:115
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<10.X.X.X> ESTABLISH HTTP(S) CONNECTFOR USER: admin TO https://10.X.X.X:443
<10.X.X.X> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.X.X.X> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633 `" && echo ansible-tmp-1661446019.5531673-43806-222912190976633="` echo /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633 `" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_run_script.py
<10.X.X.X> PUT /root/.ansible/tmp/ansible-local-43768hu_qnwmb/tmpi_0fa6sy TO /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py
<10.X.X.X> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/ /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c '/usr/local/python/bin/python3.10 /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/AnsiballZ_cp_gaia_run_script.py && sleep 0'
<10.X.X.X> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-43768hu_qnwmb/ansible-tmp-1661446019.5531673-43806-222912190976633/ > /dev/null 2>&1 && sleep 0'
changed: [CPHOST1] => {
"changed": true,
"invocation": {
"module_args": {
"args": null,
"description": null,
"environment_variables": [
{
"name": "VAR_NAME",
"value": "VAR_VALUE"
}
],
"script": "ls -la",
"wait_for_task": true
}
},
"run_script": {
"tasks": [
{
"execution-time": "0.02",
"last-update-time": "2022-08-25T18:51+0200",
"progress-description": "succeeded",
"progress-percentage": 100,
"start-time": "2022-08-25T18:51+0200",
"status": "succeeded",
"status-code": 200,
"task-details": [
{
"error": "",
"output": "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",
"return-value": 0
}
],
"task-id": "cca7929b-a945-45d9-a212-2558f4b7167b",
"task-name": "/run-script",
"time-spent-in-queue": "0.01"
}
]
}
}
META: ran handlers
META: ran handlers
PLAY RECAP *************************************************************************************************************************
CPHOST1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The output is unreadable. Is it a bug? Which command could work? Should I be using a .sh script instead?
"output": "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",
I think there is an error in the playbook example:
---
- name: playbook name
  hosts: check_point
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.mgmt.cp_gaia_hostname:
        name: "newhost"
I think it should be:
---
- name: playbook name
  hosts: check_point
  connection: httpapi
  tasks:
    - name: task to have network
      check_point.gaia.cp_gaia_hostname:
        name: "newhost"
unable to use check_point.gaia.cp_gaia_physical_interfaces_facts
ansible 2.9.24
python version = 3.6.8 (default, May 6 2020, 12:04:35) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
ansible.netcommon collection: "version": "2.6.1",
check_point.gaia : "version": "2.0.0",
#Inventory
ansible_network_os: check_point.gaia.checkpoint
ansible_connection: ansible.netcommon.httpapi
ansible -i my-inventory.yml mydevice -m check_point.gaia.cp_gaia_physical_interfaces_facts -e 'ansible_python_interpreter=python3'
2022-05-13 09:05:18,279 p=80811 umyaccount n=ansible | Using module file /usr/share/ansible/collections/ansible_collections/check_point/gaia/plugins/modules/cp_gaia_physical_interfaces_facts.py
2022-05-13 09:05:18,280 p=80811 umyaccount n=ansible | PUT /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/tmpf7ivmq9j TO /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.684108-80811-94927829950467/AnsiballZ_cp_gaia_physical_interfaces_facts.py
2022-05-13 09:05:18,305 p=80811 umyaccount n=ansible | EXEC /bin/sh -c 'chmod u+x /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.684108-80811-94927829950467/ /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.684108-80811-94927829950467/AnsiballZ_cp_gaia_physical_interfaces_facts.py && sleep 0'
2022-05-13 09:05:18,330 p=80811 umyaccount n=ansible | EXEC /bin/sh -c 'python3 /home/w23960p/.ansible/tmp/ansible-local-76536khpld3yk/ansible-tmp-1652425517.684108-80811-94927829950467/AnsiballZ_cp_gaia_physical_interfaces_facts.py && sleep 0'
2022-05-13 09:05:18,794 p=81499 umyaccount n=ansible | Traceback (most recent call last):
  File "/home/w23960p/venv3_6/lib64/python3.6/site-packages/ansible/utils/jsonrpc.py", line 45, in handle_request
    result = rpc_method(*args, **kwargs)
  File "/usr/share/ansible/collections/ansible_collections/check_point/gaia/plugins/httpapi/checkpoint.py", line 68, in send_request
    response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS)
  File "/home/w23960p/venv3_6/lib64/python3.6/site-packages/ansible/plugins/connection/__init__.py", line 34, in wrapped
    self._connect()
  File "/usr/share/ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/httpapi.py", line 260, in _connect
    self.get_option("remote_user"), self.get_option("password")
  File "/usr/share/ansible/collections/ansible_collections/check_point/gaia/plugins/httpapi/checkpoint.py", line 50, in login
    self.connection._auth = {'X-chkp-sid': response_data['sid']}
TypeError: string indices must be integers
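The traceback above ends where `response_data['sid']` is applied to a string, meaning the login reply was not a parsed JSON object. The following is an added example, not code from the collection or from the issue's author, showing one way to validate a login reply before building the `X-chkp-sid` header; `extract_sid`, `auth_headers`, `LoginError` and the `message` field are assumptions made for illustration.

```python
import json


class LoginError(Exception):
    """The login reply did not contain a usable session id."""


def extract_sid(response_data):
    """Return the 'sid' from a login reply given as dict, str or bytes."""
    if isinstance(response_data, (bytes, bytearray)):
        response_data = response_data.decode("utf-8", errors="replace")
    if isinstance(response_data, str):
        try:
            response_data = json.loads(response_data)
        except ValueError:
            # Body is not JSON (for example an HTML error page), so there is
            # no session id to read; fail with a message instead of indexing.
            snippet = response_data.strip()[:60]
            raise LoginError("login reply is not JSON: %r" % snippet) from None
    if not isinstance(response_data, dict):
        kind = type(response_data).__name__
        raise LoginError("login reply is a JSON %s, not an object" % kind)
    sid = response_data.get("sid")
    if not isinstance(sid, str) or not sid:
        # Surface only the server's message field (assumed name), never the
        # whole reply, so nothing sensitive ends up in logs.
        reason = response_data.get("message", "no reason given")
        raise LoginError("login reply has no 'sid': %s" % reason)
    return sid


def auth_headers(response_data):
    """Build the session header that login() in the traceback tried to set."""
    return {"X-chkp-sid": extract_sid(response_data)}


# Constructed sample replies (not captured from a real Gaia host).
SAMPLES = [
    {"sid": "constructed-session-id"},
    '{"sid": "constructed-session-id"}',
    "<html><body>404 Not Found</body></html>",
    {"message": "Authentication failed"},
    '"just a string"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print("ok  ", auth_headers(sample))
        except LoginError as exc:
            print("fail", exc)
```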
As stated, the version 5.0.1, as available through Ansible Galaxy is not present in this GitHub repository.
https://galaxy.ansible.com/ui/repo/published/check_point/gaia/
As we can see, the latest version on the repo as of today is 5.0.0.
Dear Developer,
For readability and Search Engine Optimization (SEO) it would be great if you could do the following:
Environment topic examples:
azure, aws, gcp
Functionality topic examples:
build, deploy, staging, operate, terraform, ansible, helm, android, cloudguardIaaS, management, gaia, threat-prevention, identity-awareness, smp, iot, cloudguard-connect, cloudguard-dome9, malware, evasion
Hi,
I'd like to know if this module is supported for VSX clusters. I'm not entirely sure that the Gaia API is available for VSX, did a quick google search and found nothing.
Do you know if this is supported on VSX clusters? Is there another way to quickly gather information on the interfaces of a VSX cluster or, ideally, per VS?
Thanks!
Good day,
Would be nice to be able to configure snmp on the gateways with an ansible module.
Both for virtual systems and physical gateways.