Ansible and Checkpoint
20 Jul 2021, 16:58
Hi,
Using slightly modified scripts from this page https://community.checkpoint.com/t5/Ans ... td-p/14305 I set up Ansible in my home lab and it pulls the configuration from the Checkpoints.
The client already has Ansible configured, but only for Cisco, so they let me add CP. Playbooks below:
I added 4 firewalls to /etc/ansible/hosts
Unfortunately, I get something like this:
I looked into /etc/ansible/hosts and found this:
I don't understand what the local definition is for..? I checked my test lab and there was neither local nor ansible_connection = local. After removing both I get this error:
Any ideas..?
Code:
[root@ansible playbooks]# cat Backup.yml
---
#This Playbook will take a backup of "show configuration" gaia command. The output will be stored to directory named BACKUP, one level up to where the playbook is run from
- hosts: localhost
  tasks:
    - command: /bin/echo "{{ lookup('pipe','date +%Y-%m-%d_%H-%M') }}"
      register: foo
    - file:
        path: /etc/ansible/fwbackups
        state: directory
## Change the 'hosts' variable to what you have defined in inventory file.
## You can change 'serial' to higher than 1. 'Serial' is the batch size
- hosts: SP_SCP_FW
  serial: 10
#################### DO NOT CHANGE ANYTHING BELOW THIS LINE ######################
  gather_facts: no
  tasks:
    - name: BACKUP
      import_role:
        name: ashwin_sid.gaia_fw1
        tasks_from: backup
[root@ansible playbooks]#
[root@ansible tasks]# cat backup.yml
---
# VARIABLES:
# cmdfile - File where the commands to be run on target hosts are stored, one command per line.
# logdir - Directory where the output of the commands will be stored. This can be specified either relative to the directory where the playbook is stored ( ../SHOW) OR the full path (/opt/ansible/SHOW)
#
#
- name: set clish
  cli_command: command=clish
- name: set pager
  cli_command: command='set clienv rows 0'
- name: Get hostname
  cli_command: command='show hostname'
  register: r0
- name: SHOW CONFIG
  cli_command: command='show configuration'
  #command='show ipconfiguration'
  register: result1
- name: create dir
  local_action: file path={{ logdir | default('/etc/ansible/fwbackups') }}/{{ r0.stdout }} state=directory
- name: Store Backup
  local_action: copy content={{ result1.stdout_lines|join('\n') }} dest=/etc/ansible/fwbackups/{{ r0.stdout }}/{{ hostvars['localhost']['foo'].stdout }}.txt
Code:
[SP_SCP_FW]
10.10.127.91
10.10.127.92
10.12.127.91
10.12.127.92
Code:
[root@ansible playbooks]# ansible-playbook -k Backup.yml
SSH password:
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
PLAY [localhost] *****************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [command] *******************************************************************************************************************************************************************************************************************************
changed: [127.0.0.1]
TASK [file] **********************************************************************************************************************************************************************************************************************************
ok: [127.0.0.1]
PLAY [SP_SCP_FW] ***************************************************************************************************************************************************************************************************************************
TASK [ashwin_sid.gaia_fw1 : set clish] *******************************************************************************************************************************************************************************************************
fatal: [10.10.127.91]: FAILED! => {"changed": false, "msg": "Connection type local is not valid for this module"}
fatal: [10.10.127.92]: FAILED! => {"changed": false, "msg": "Connection type local is not valid for this module"}
fatal: [10.12.127.91]: FAILED! => {"changed": false, "msg": "Connection type local is not valid for this module"}
fatal: [10.12.127.92]: FAILED! => {"changed": false, "msg": "Connection type local is not valid for this module"}
PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
10.10.127.91 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
10.10.127.92 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
10.12.127.91 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
10.12.127.92 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
127.0.0.1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible playbooks]#
Code:
[local]
127.0.0.1
[all:vars]
ansible_connection = local
ansible_user=xxx
ansible_ssh_pass=xxx
Code:
[root@ansible playbooks]# ansible-playbook -k Backup.yml
SSH password:
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
PLAY [localhost] *****************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [command] *******************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [file] **********************************************************************************************************************************************************************************************************************************
ok: [localhost]
PLAY [SP_SCP_FW] ***************************************************************************************************************************************************************************************************************************
TASK [ashwin_sid.gaia_fw1 : set clish] *******************************************************************************************************************************************************************************************************
fatal: [10.12.127.91]: FAILED! => {"msg": "Traceback (most recent call last):\n File \"/bin/ansible-connection\", line 342, in <module>\n main()\n File \"/bin/ansible-connection\", line 261, in main\n task_uuid = sys.argv[2]\nIndexError: list index out of range\n"}
fatal: [10.10.127.91]: FAILED! => {"msg": "Traceback (most recent call last):\n File \"/bin/ansible-connection\", line 342, in <module>\n main()\n File \"/bin/ansible-connection\", line 261, in main\n task_uuid = sys.argv[2]\nIndexError: list index out of range\n"}
fatal: [10.10.127.92]: FAILED! => {"msg": "Traceback (most recent call last):\n File \"/bin/ansible-connection\", line 342, in <module>\n main()\n File \"/bin/ansible-connection\", line 261, in main\n task_uuid = sys.argv[2]\nIndexError: list index out of range\n"}
fatal: [10.12.127.92]: FAILED! => {"msg": "Traceback (most recent call last):\n File \"/bin/ansible-connection\", line 342, in <module>\n main()\n File \"/bin/ansible-connection\", line 261, in main\n task_uuid = sys.argv[2]\nIndexError: list index out of range\n"}
PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
10.10.127.91 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
10.10.127.92 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
10.12.127.91 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
10.12.127.92 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
localhost : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible playbooks]#
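
Where the "Connection type local is not valid for this module" failure comes from, as an added example that is not part of the original post: variables under [all:vars] apply to every inventory host, so ansible_connection = local also reaches the SP_SCP_FW firewalls, and cli_command only runs over network_cli. The inventory string is constructed by merging the two fragments quoted above; the function names, the "ungrouped" bucket and the "<ansible default>" placeholder are assumptions, and the parser covers only plain groups and group vars.

```python
import re

# Constructed sample: the two /etc/ansible/hosts fragments from the post, merged.
INVENTORY = """\
[SP_SCP_FW]
10.10.127.91
10.10.127.92
10.12.127.91
10.12.127.92
[local]
127.0.0.1
[all:vars]
ansible_connection = local
ansible_user=xxx
ansible_ssh_pass=xxx
"""

def parse_inventory(text):
    """Return (hosts_by_group, vars_by_group) for a simple INI inventory."""
    section, is_vars = "ungrouped", False
    hosts, gvars = {section: []}, {section: {}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[([^\]:]+)(:vars)?\]", line)
        if m:  # "[group]" starts a host list, "[group:vars]" a variable block
            section, is_vars = m.group(1), bool(m.group(2))
            hosts.setdefault(section, [])
            gvars.setdefault(section, {})
        elif is_vars:
            key, _, value = line.partition("=")
            gvars[section][key.strip()] = value.strip()
        else:
            hosts[section].append(line.split()[0])
    return hosts, gvars

def effective_connection(text):
    """Map host -> ansible_connection; a group's own vars override [all:vars]."""
    hosts, gvars = parse_inventory(text)
    default = gvars.get("all", {}).get("ansible_connection", "<ansible default>")
    return {h: gvars[g].get("ansible_connection", default)
            for g, members in hosts.items() for h in members}

def hosts_rejected_by_cli_command(text):
    """Hosts whose connection is not network_cli, which cli_command requires."""
    return sorted(h for h, c in effective_connection(text).items()
                  if c != "network_cli")
```

Setting ansible_connection=network_cli under [SP_SCP_FW:vars] changes only the firewalls and leaves 127.0.0.1 on local; network_cli additionally needs ansible_network_os, whose value for this role is not given in the post.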