I am having a problem connecting to some Checkpoint firewalls. They run Linux, but I cannot install any Ansible.
    - name: "Connecting to Checkpoint Firewalls"
      connection: ansible.netcommon.network_cli
      gather_facts: false
      hosts: checkpoint
      tasks:
        - name: Gather facts (asa)
          ansible.netcommon.cli_command:
            command:
              - clish
              - show hostname
              - show version all
              - show asset all
              - show interfaces all
              - show lom ip-address
              - show virtual-system all
          register: checkpoint_vars
        - name: Debug
          debug:
            var: checkpoint_vars
In my inventory file I have set the network OS to IOS as I assumed that the SSH session would be the same. I have also set the SSH common args to use a bastion host to get to the target devices.
    [checkpoint:vars]
    ansible_become=no
    #ansible_become_method=enable
    ansible_network_os=cisco.ios.ios
    ansible_connection=network_cli
    ansible_user=device_user
    ansible_ssh_pass='whatthefuck'
    ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PreferredAuthentications=password -o PubkeyAuthentication=no -o KexAlgorithms=+diffie-hellman-group1-sha1 -o ProxyCommand="ssh -W %h:%p -q name@111.89.11.11"'
Now I get different error messages from the devices like
"msg": "unable to set terminal parameters"
or
"msg": "Error reading SSH protocol banner"
I assume that I should not use the network_cli to connect to a Linux system. But I have not found a way to use the Ansible builtin command to perform the action I need.
The problem is that I need to start a CLIsh shell first, then run multiple commands and capture the output.
UPDATE
So with help of the comments here I got it to work like this:
In the inventory file I now use SSH, not Paramiko:
    ansible_connection=ssh
The task looks like this:
    tasks:
      - name: Gather facts (Checkpoint GAIA)
        shell: |
          clish -c 'show hostname'
          sleep 2
          clish -c 'show version all'
          sleep 2
          clish -c 'show asset all'
        register: checkpoint_vars
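
An audit of the inventory variables shown in the question, as an added example that is not part of the original post: it flags the plaintext password and the SSH options that turn off host key verification or enable the legacy key exchange. The sample inventory is constructed from the question's lines with a placeholder password and bastion address; the function names and the rule that a `{{ ... }}` reference counts as a vaulted value are assumptions.

```python
import re
import shlex

# Constructed sample: the question's [checkpoint:vars] lines, with the
# password and the bastion address replaced by placeholders.
SAMPLE_INVENTORY = """\
[checkpoint:vars]
ansible_connection=ssh
ansible_ssh_pass='PLACEHOLDER'
ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o KexAlgorithms=+diffie-hellman-group1-sha1 -o ProxyCommand="ssh -W %h:%p -q user@bastion.example"'
"""

# (lower-cased ssh option, regex on its value, why it is a finding)
WEAK_SSH_OPTIONS = [
    ("stricthostkeychecking", r"^(no|off)$", "host keys are accepted without verification"),
    ("userknownhostsfile", r"^/dev/null$", "host keys are never recorded, so a changed key goes unnoticed"),
    ("kexalgorithms", r"diffie-hellman-group1-sha1", "legacy 1024-bit, SHA-1 key exchange is enabled"),
]
PASSWORD_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}


def ssh_options(arg_string):
    """Yield (name, value) for each '-o Name=value' pair in an ssh argument string."""
    tokens = shlex.split(arg_string)
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-o":
            name, _, value = tokens[i + 1].partition("=")
            yield name.lower(), value


def audit_inventory(text):
    """Return (variable, finding) tuples for an INI-style Ansible inventory."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments and section headers
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # drop the quotes around the whole value
        # Assumption: a Jinja reference such as {{ vault_pass }} points at a vaulted variable.
        if key in PASSWORD_VARS and "{{" not in value:
            findings.append((key, "password stored in plaintext; reference a vaulted variable"))
        if key.endswith("_args"):
            for name, opt_value in ssh_options(value):
                for opt, pattern, why in WEAK_SSH_OPTIONS:
                    if name == opt and re.search(pattern, opt_value, re.I):
                        findings.append((key, f"{name}={opt_value}: {why}"))
    return findings
```

Calling `audit_inventory(SAMPLE_INVENTORY)` returns four findings; the `ProxyCommand` bastion hop itself is not flagged, only the options around it.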