Server returned response without token info during connection authentication #31

Open
CapAnsible opened this issue Sep 15, 2020 · 16 comments

@CapAnsible

Hi all,

Trying to connect to the Gaia REST API with Ansible.

Inventory :

[test:vars]
checkpoint ansible_host=XXXXXXX
ansible_user='XXXXXXXXX'
ansible_password='XXXXXXXXXXX'
ansible_network_os=checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
XXXXXXX

Playbook:


- hosts: test
  connection: httpapi
  gather_facts: false
  tasks:
    - name: collect-host facts
      cp_mgmt_host_facts:
        details_level: standard
        limit: 50
        offset: 0

I get this response :

PLAY [test] *******************************************************************************************************************************************************************************************************************************************************************

TASK [collect-host facts] *****************************************************************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [XXXXXXX]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n File "/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py", line 102, in \n _ansiballz_main()\n File "/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/user/thki/.ansible/tmp/ansible-local-1618CZXifK/ansible-tmp-1598617196.57-1627-159382009972429/AnsiballZ_cp_mgmt_host_facts.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.cp_mgmt_host_facts', init_globals=None, run_name='main', alter_sys=True)\n File "/usr/lib64/python2.7/runpy.py", line 176, in run_module\n fname, loader, pkg_name)\n File "/usr/lib64/python2.7/runpy.py", line 82, in _run_module_code\n mod_name, mod_fname, mod_loader, pkg_name)\n File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code\n exec code in run_globals\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py", line 131, in \n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/modules/network/check_point/cp_mgmt_host_facts.py", line 126, in main\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py", line 179, in api_call_facts\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/network/checkpoint/checkpoint.py", line 56, in send_request\n File "/tmp/ansible_cp_mgmt_host_facts_payload_fQtftI/ansible_cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py", line 185, in 
rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
XXXXXXX : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

ansible --version

ansible 2.9.12
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/user/thki/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

I've verified that I can connect to the API via curl and get a token back? Our Check Point administrator can see the login and logoff on the management server?

@CapAnsible
Author

We found the error:
when we query the commvault API login, we don't get uid in the response; we only get the token (sid).
When we comment out line 63 in checkpoint.py (httpapi in collections):

    try:
        self.connection._auth = {'X-chkp-sid': response_data['sid']}
#        self.connection._session_uid = response_data['uid']
    except KeyError:
        raise ConnectionError(
            'Server returned response without token info during connection authentication: %s' % response) 

The error disappears. Do we need uid in all modules? If yes, why does the Check Point API not return it?
We are running R80.30+ jumbo 155 Check Point version.

@chkp-orso
Contributor

Hi @CapAnsible ,

I have a few questions:

  1. Did you somehow try to log in in read-only mode?
  2. Can you please share the playbook you run?
  3. Can you try to install the collection instead of the core modules?
    (you will need to change "ansible_network_os=checkpoint" to "ansible_network_os=check_point.mgmt.checkpoint")
  4. Can you share the output of running your playbook when you write -vvvv at the end of the command?

Thanks,
Or

@jimoq

jimoq commented Nov 9, 2020

Hi @chkp-orso ,

I identified how to trigger / reproduce the above issue: it is triggered when using an underscore "_" in the hostname and mapping that hostname to an IP address in /etc/hosts.

Steps to reproduce.
In this scenario hostname:

  • chkp-mgmt will succeed
  • chkp_sms will fail.

Add the following to /etc/ansible/hosts:

ansible_user=admin
ansible_password=vpn123
ansible_network_os=check_point.mgmt.checkpoint
ansible_httpapi_use_ssl=True
ansible_httpapi_validate_certs=False

[test]
# using hostname in the playbook, where IP to hostname is mapped in /etc/hosts
chkp-mgmt # This will work
chkp_sms # This will fail, the issue is triggered when using underscore in the hostname

Add the following line to /etc/hosts:
192.168.233.71 chkp-mgmt chkp_sms

Test with this playbook:

- hosts: test
  connection: httpapi
  gather_facts: false
  tasks:
    - name: collect-host facts
      check_point.mgmt.cp_mgmt_host_facts:
        details_level: standard
        limit: 50
        offset: 0

The result of the play-book will be:


PLAY [test] ****************************************************************
TASK [collect-host facts] ***************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 400
fatal: [chkp_sms]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/sysadmin/.ansible/tmp/ansible-local-4540cQjjU0/ansible-tmp-1604917024.09-246378533351620/AnsiballZ_cp_mgmt_host_facts.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_host_facts', init_globals=None, run_name='__main__', alter_sys=False)\n  File \"/usr/lib/python2.7/runpy.py\", line 192, in run_module\n    fname, loader, pkg_name)\n  File \"/usr/lib/python2.7/runpy.py\", line 72, in _run_code\n    exec code in run_globals\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py\", line 131, in <module>\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py\", line 126, in main\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 233, in api_call_facts\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", 
line 186, in handle_call\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 65, in send_request\n  File \"/tmp/ansible_check_point.mgmt.cp_mgmt_host_facts_payload_yo1GUD/ansible_check_point.mgmt.cp_mgmt_host_facts_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 400\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee 
stdout/stderr for the exact error", "rc": 1}
ok: [chkp-mgmt]

PLAY RECAP *****************************************************
chkp-mgmt                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
chkp_sms                   : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

This is the error I see in API.elg when using hostname with underscore (chkp_sms) in the name:
Note the empty "X-Forwarded-Host=[]" value

2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
---------------------------- 
ID: 314
Address: http://127.0.0.1:55456/web_api/login
Encoding: UTF-8
Http-Method: POST
Content-Type: application/json
Headers: {accept-encoding=[identity], Authorization=[Basic YWRtaW46dnBuMTIz], connection=[keep-alive], Content-Length=[39], content-type=[application/json], Host=[127.0.0.1:55456], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.233.71]}
--------------------------------------
2020-11-09 11:17:06,062  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19951] - Outbound Message
---------------------------
ID: 314
Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 09 Nov 2020 10:17:06 GMT]}
Payload: {
  "code" : "generic_err_missing_required_header",
  "message" : "Invalid header: [X-Forwarded-Host]"
}

While using a dash sign in the hostname (chkp-mgmt) provides a successful login with correct X-Forwarded-Host header:
Note the correct "X-Forwarded-Host=[chkp-mgmt:443]" value

2020-11-09 11:17:05,803  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp996388716-19954] - Inbound Message
----------------------------
ID: 313
Address: http://127.0.0.1:55456/web_api/login
Encoding: UTF-8
Http-Method: POST
Content-Type: application/json
Headers: {accept-encoding=[identity], Authorization=[Basic YWRtaW46dnBuMTIz], connection=[keep-alive], Content-Length=[39], content-type=[application/json], Host=[127.0.0.1:55456], User-Agent=[Ansible], X-Forwarded-For=[192.168.233.173], X-Forwarded-Host=[chkp-mgmt:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.233.71]}
2020-11-09 11:17:06,248  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp996388716-19954] - Outbound Message
---------------------------
ID: 313
Response-Code: 200
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 09 Nov 2020 10:17:06 GMT]}
Payload: {
  "uid" : "1ee6cf05-4ace-48a3-a727-923bb0c38c3a",
  "sid" : "b8a0f09080510fced85e0ab5390225f9",
  "url" : "https://chkp-mgmt:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1604916630539,
    "iso-8601" : "2020-11-09T11:10+0100"
  },
  "api-server-version" : "1.7"
}
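
A triage pass over API.elg for the pattern in the two excerpts above, as an added example that is not part of the original thread or of the collection: it pairs each inbound /web_api/login request with its response by message ID, reports failed logins whose X-Forwarded-Host arrived empty, and masks the Authorization value before anything is reported. The function names and the sample log are constructed, and it assumes each `Headers:` entry sits on one line.

```python
import re

# Matches one "Name=[value]" pair inside a CXF "Headers: {...}" line.
HEADER_RE = re.compile(r"([\w-]+)=\[(.*?)\]")
# Header values that must never be copied into a report or ticket.
SENSITIVE = {"authorization", "x-chkp-sid"}

# Constructed sample in the layout of the API.elg excerpts (not real data).
SAMPLE_LOG = """\
2020-01-01 10:00:00,000  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp1-1] - Inbound Message
----------------------------
ID: 1
Address: http://127.0.0.1:55456/web_api/login
Http-Method: POST
Headers: {Authorization=[Basic dXNlcjpleGFtcGxl], Host=[127.0.0.1:55456], X-Forwarded-For=[192.0.2.10], X-Forwarded-Host=[], X-Forwarded-Host-Port=[443]}
--------------------------------------
2020-01-01 10:00:00,100  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp1-2] - Outbound Message
---------------------------
ID: 1
Response-Code: 400
Headers: {Content-Type=[application/json]}
Payload: {
  "code" : "generic_err_missing_required_header",
  "message" : "Invalid header: [X-Forwarded-Host]"
}
2020-01-01 10:00:01,000  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp1-3] - Inbound Message
----------------------------
ID: 2
Address: http://127.0.0.1:55456/web_api/login
Http-Method: POST
Headers: {Authorization=[Basic dXNlcjpleGFtcGxl], Host=[127.0.0.1:55456], X-Forwarded-For=[192.0.2.10], X-Forwarded-Host=[mgmt-a:443], X-Forwarded-Host-Port=[443]}
--------------------------------------
2020-01-01 10:00:01,200  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp1-3] - Outbound Message
---------------------------
ID: 2
Response-Code: 200
Headers: {Content-Type=[application/json]}
"""


def parse_messages(text):
    """Group request and response fields by CXF message ID."""
    messages = {}
    direction = current = None
    for line in text.splitlines():
        if "Inbound Message" in line:
            direction, current = "in", None
            continue
        if "Outbound Message" in line:
            direction, current = "out", None
            continue
        key, _, value = line.partition(": ")
        if key == "ID":
            current = messages.setdefault(value.strip(), {})
        elif current is None:
            continue  # field outside a message block
        elif key == "Address" and direction == "in":
            current["address"] = value.strip()
        elif key == "Headers" and direction == "in":
            current["headers"] = {k.lower(): v for k, v in HEADER_RE.findall(value)}
        elif key == "Response-Code" and direction == "out":
            current["status"] = int(value)
    return messages


def redact(headers):
    """Copy of the headers with credential-bearing values masked."""
    return {k: ("<redacted>" if k in SENSITIVE else v) for k, v in headers.items()}


def empty_forwarded_host_failures(text):
    """Failed login calls whose X-Forwarded-Host header was present but empty."""
    findings = []
    for msg_id, msg in sorted(parse_messages(text).items()):
        headers = msg.get("headers", {})
        if (msg.get("address", "").endswith("/web_api/login")
                and msg.get("status", 200) >= 400
                and headers.get("x-forwarded-host") == ""):
            findings.append({
                "id": msg_id,
                "status": msg["status"],
                "client": headers.get("x-forwarded-for"),
                "headers": redact(headers),
            })
    return findings


if __name__ == "__main__":
    for finding in empty_forwarded_host_failures(SAMPLE_LOG):
        print(finding)
```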

@chkp-orso
Contributor

Hi @justjais ,

Are you familiar with this issue?

@justjais
Contributor

@chkp-orso excuse me for the delayed response here, and WRT the issue: no, I haven't faced the issue.

@BarrieAlmond

Hi @chkp-orso , I also have the same as CapAnsible. The module throws the "Server returned response without token info during connection authentication: 200" error unless line 63 in checkpoint.py is commented out. I believe it's because I'm connecting to a readonly/standby controller which isn't returning a uid field on login. Connecting to the active controller DOES return this value and the module works fine with that, but I specifically want to use the standby controller for the queries I want to perform. Is there any chance of an update which will allow connecting to standby controllers?

@justjais
Contributor

justjais commented Feb 1, 2021

@BarrieAlmond can you share the complete verbose debug log of your play run? Also, can you confirm if your hostname has -.

@BarrieAlmond

Hi @justjais , I'm connecting by IP so there's no - in the hostname. I've included the debug log though I've cut out some of the tasks from before it gets to the failure since they run locally and aren't relevant, and I've obscured some details for security. I've also included the output from login calls using cURL.

ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
script declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
Parsed /home/username/checkpoint/inventory.yml inventory source with yaml plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py

PLAYBOOK: playbookname.yml **************************************************************************************
Positional arguments: playbookname.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/username/checkpoint/inventory.yml',)
forks: 5
1 plays in playbookname.yml

TASK [playbookname : taskname] ************************************************
task path: /home/username/checkpoint/roles/rolename/tasks/includes/include.yml:8
<172.17.12.126> attempting to start connection
<172.17.12.126> using connection plugin httpapi
<172.17.12.126> found existing local domain socket, using it!
<172.17.12.126> updating play_context for connection
<172.17.12.126>
<172.17.12.126> local domain socket path is /home/username/.ansible/pc/51fee0a563
<172.17.12.126> ESTABLISH LOCAL CONNECTION FOR USER: username
<172.17.12.126> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006" && echo ansible-tmp-1612191609.1128356-64660072670006="echo /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/network/check_point/checkpoint_object_facts.py
<172.17.12.126> PUT /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/tmpw4ri05y8 TO /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py
<172.17.12.126> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/ /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c '/usr/bin/python3 /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 102, in
_ansiballz_main()
File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)
File "/usr/lib/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object
File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc
ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [checkpoint]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 102, in \n _ansiballz_main()\n File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/home/username/.ansible/tmp/ansible-local-16948zazkd6ih/ansible-tmp-1612191609.1128356-64660072670006/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)\n File "/usr/lib/python3.8/runpy.py", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File "/usr/lib/python3.8/runpy.py", line 87, in _run_code\n exec(code, run_globals)\n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in \n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main\n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object\n File "/tmp/ansible_checkpoint_object_facts_payload_cu78eluq/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}

Output from logging in to the standby server using cURL:
{
  "sid" : "(value)",
  "url" : "https://standbyserver:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1612191618219,
    "iso-8601" : "2021-02-01T15:00+0000"
  },
  "read-only" : true,
  "standby" : true,
  "api-server-version" : "1.6"
}

Output from logging in to the active server using cURL:
{
  "uid" : "(value)",
  "sid" : "(value)",
  "url" : "https://activeserver:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1611565769368,
    "iso-8601" : "2021-01-25T09:09+0000"
  },
  "api-server-version" : "1.6"
}

As you can see, the active server returns a uid value, while the standby - the one I want to use - does not. I believe this is why commenting out the line mentioned earlier solves the problem with connecting to the standby.
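
The difference between the two login responses above, as an added example that is not part of the original thread or the collection's code: a strict parser that requires both `sid` and `uid` (the behaviour reported in this issue) beside a tolerant one that requires only `sid` and records the `read-only` and `standby` flags. All function names here are hypothetical and the response values are constructed.

```python
class LoginError(Exception):
    """A login response that cannot be used to authenticate."""


# Constructed responses, shaped like the cURL output quoted in the thread.
ACTIVE = {"uid": "00000000-0000-0000-0000-000000000000",
          "sid": "constructed-sid-active",
          "session-timeout": 600, "api-server-version": "1.6"}
STANDBY = {"sid": "constructed-sid-standby", "session-timeout": 600,
           "read-only": True, "standby": True, "api-server-version": "1.6"}
BAD_HEADER = {"code": "generic_err_missing_required_header",
              "message": "Invalid header: [X-Forwarded-Host]"}


def parse_login_strict(status, body):
    """Behaviour reported in the thread: sid and uid are both required."""
    try:
        return {"headers": {"X-chkp-sid": body["sid"]},
                "session_uid": body["uid"]}
    except KeyError:
        # Same message for a standby login (200) and a rejected login (400).
        raise LoginError(
            "Server returned response without token info "
            "during connection authentication: %s" % status)


def parse_login_response(status, body):
    """Hypothetical tolerant variant: sid is mandatory, uid is optional."""
    if status != 200:
        # Report the server's own error code instead of "no token info".
        raise LoginError("login rejected, HTTP %s: %s (%s)" % (
            status, body.get("message", "no message"),
            body.get("code", "no code")))
    sid = body.get("sid")
    if not isinstance(sid, str) or not sid:
        raise LoginError("HTTP 200 login response carries no sid")
    return {
        "headers": {"X-chkp-sid": sid},
        "session_uid": body.get("uid"),  # None on the standby response
        "read_only": body.get("read-only") is True,
        "standby": body.get("standby") is True,
    }


def ensure_writable(session):
    """Refuse change operations on a session the server marked read-only."""
    if session["read_only"]:
        raise LoginError("session is read-only; only query calls are allowed")
    return session


if __name__ == "__main__":
    for name, status, body in (("active", 200, ACTIVE),
                               ("standby", 200, STANDBY),
                               ("bad header", 400, BAD_HEADER)):
        for parser in (parse_login_strict, parse_login_response):
            try:
                result = parser(status, body)
                print(name, parser.__name__, "ok, uid:", result["session_uid"])
            except LoginError as exc:
                print(name, parser.__name__, "failed:", exc)
```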

@justjais
Contributor

justjais commented Feb 1, 2021

@BarrieAlmond Thanks for your quick response. For further triaging, can you add ansible_connection=httpapi in your checkpoint inventory and share the debug verbose log again?

@BarrieAlmond

Hi @justjais , no change I'm afraid. Here is the log, and at the bottom I've included my inventory.

ansible-playbook 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
script declined parsing /home/username/checkpoint/inventory.yml as it did not pass its verify_file() method
Parsed /home/username/checkpoint/inventory.yml inventory source with yaml plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3/dist-packages/ansible/plugins/callback/default.py

PLAYBOOK: playbookname.yml ***********************************************************************************************************************************************************************************************************
Positional arguments: playbookname.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/username/checkpoint/inventory.yml',)
forks: 5
1 plays in playbookname.yml

PLAY [Create CSV of Checkpoint objects requested for decom] *********************************************************************************************************************************************************************************
META: ran handlers

TASK [playbookname : taskname] *********************************************************************************************************************************************************************
task path: /home/username/checkpoint/roles/rolename/tasks/includes/include.yml:8
<172.17.12.126> attempting to start connection
<172.17.12.126> using connection plugin httpapi
<172.17.12.126> found existing local domain socket, using it!
<172.17.12.126> updating play_context for connection
<172.17.12.126>
<172.17.12.126> local domain socket path is /home/username/.ansible/pc/d27ffcd652
<172.17.12.126> ESTABLISH LOCAL CONNECTION FOR USER: username
<172.17.12.126> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155" && echo ansible-tmp-1612194562.4706943-67164519766155="echo /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/network/check_point/checkpoint_object_facts.py
<172.17.12.126> PUT /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/tmpo_6wj1cx TO /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py
<172.17.12.126> EXEC /bin/sh -c 'chmod u+x /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/ /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c '/usr/bin/python3 /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py && sleep 0'
<172.17.12.126> EXEC /bin/sh -c 'rm -f -r /home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 102, in
_ansiballz_main()
File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)
File "/usr/lib/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object
File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc
ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200
fatal: [checkpoint]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 102, in \n _ansiballz_main()\n File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/home/username/.ansible/tmp/ansible-local-21836zoq59z1k/ansible-tmp-1612194562.4706943-67164519766155/AnsiballZ_checkpoint_object_facts.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.check_point.checkpoint_object_facts', init_globals=None, run_name='main', alter_sys=True)\n File "/usr/lib/python3.8/runpy.py", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File "/usr/lib/python3.8/runpy.py", line 87, in _run_code\n exec(code, run_globals)\n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 116, in \n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 107, in main\n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/modules/network/check_point/checkpoint_object_facts.py", line 91, in get_object\n File "/tmp/ansible_checkpoint_object_facts_payload_l5r9yizk/ansible_checkpoint_object_facts_payload.zip/ansible/module_utils/connection.py", line 185, in rpc\nansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 200\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}

all:
  hosts:
    checkpoint:
      ansible_host: ipaddress
      ansible_httpapi_use_ssl: True
      ansible_httpapi_validate_certs: False
      ansible_network_os: check_point.mgmt.checkpoint
      ansible_user: username
      ansible_password: password
      ansible_connection: httpapi

@justjais
Contributor

justjais commented Feb 1, 2021

@BarrieAlmond can you share your complete play as well for me to triage from my end? Thanks.

@BarrieAlmond

BarrieAlmond commented Feb 1, 2021

Hi @justjais , the play I've been using is quite complex but any basic play will fail if that one line in checkpoint.py isn't commented out. This one for example will work if the line is commented out, but give the above error with the default collection files...apologies if the yaml formatting gets mangled:


- name: Create CSV of Checkpoint objects requested for decom
  hosts: checkpoint
  gather_facts: no
  connection: httpapi

  tasks:

    - name: show-hosts
      cp_mgmt_host_facts:
        details_level: standard
        limit: 5
        offset: 0

@justjais
Contributor

justjais commented Jun 1, 2021

@BarrieAlmond were you able to get past the particular issue?

@BarrieAlmond

@justjais Only with the tweak detailed above by CapAnsible of commenting out line 63 in checkpoint.py (httpapi in collections). It would be nice if this could be officially incorporated into the code if there is no other/better solution.

@dapLinux

Hey @justjais just stumbled over this issue while trying the exact simple playbook @BarrieAlmond mentioned above. I just wanted some facts from host objects.

I ran into the same error when connecting with a user who has only read permissions. This also works with the workaround by commenting out line 65 in ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py.

When connecting as a user who has read/write permissions, the playbook is executed successfully without commenting out the line in connection.py.

Maybe this helps getting this issue sorted out.

@duanetoler
Contributor

@CapAnsible @dapLinux @BarrieAlmond were you trying to use Gaia API or the Management API (web_api)? These are different and use different collections. Gaia API uses check_point.gaia collection. You need that for managing host-level items (hostname, routes, interfaces, users, etc.). Management API (aka web_api) is for the Security Management server.

Gaia API uses "ansible_network_os: check_point.gaia.checkpoint", and Management API uses "ansible_network_os: check_point.mgmt.checkpoint". They have different httpapi plugins.
