cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ansible -Setup

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Dave_Fitzjarrell
Dave_Fitzjarrell
L1 Bithead
‎03-08-2018 03:12 PM
‎03-08-2018 03:12 PM

Ansible -Setup

Hello,

 

I am struggling with the basic setup.

I can use curl to verify I have a user and password that works, but curl can ignore the certificate.

Is there a way for ansible-pan to ignore it as well?

 

Thanks for your help!

0 Likes
Reply
s.nelson
s.nelson
L0 Member
‎04-06-2018 06:30 AM
‎04-06-2018 06:30 AM

Re: Ansible -Setup

Are you MiTM the connection? I guess I am really asking why are you having to ignore the certificate?

0 Likes
Reply
Highlighted
Dave_Fitzjarrell
Dave_Fitzjarrell
L1 Bithead
‎04-06-2018 07:20 AM
‎04-06-2018 07:20 AM

Re: Ansible -Setup

I found out you have to use a valid certificate.  Either accept the cert by manually updating the keystore or use a trusted CA.  We had a wildcard cert and once that was applied the connections started working and I can manage the firewall with ansible.

 

 

0 Likes
Reply
runamuck
runamuck
L0 Member
‎07-24-2019 02:01 PM
‎07-24-2019 02:01 PM

Re: Ansible -Setup

If you are on RedHat or Centos, the easiest way to do this is to export the following environment variable before you run your playbook:

 

$ export PYTHONHTTPSVERIFY=0

This works with virtual environments as well.

0 Likes
Reply
Dave_Fitzjarrell
Dave_Fitzjarrell
L1 Bithead
‎07-25-2019 08:40 AM
‎07-25-2019 08:40 AM

Re: Ansible -Setup

That is valid however I would not recommend it. 

This is a global setting and could be a security risk.

Here are some alternatives that I have used.

1. Use a valid cert

2. Use a SSC and add it to the key store on the server

3. Use the URI ansible module and set validate_certs=no

 

I'm sure there are many others that could be used.

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2019 - Palo Alto Networks