Ansible -Setup

L1 Bithead

Hello,

I am struggling with the basic setup.

I can use curl to verify I have a user and password that works, but curl can ignore the certificate.

Is there a way for ansible-pan to ignore it as well?

Thanks for your help!

L0 Member

Re: Ansible -Setup

Are you MiTMing the connection? I guess I am really asking: why are you having to ignore the certificate?

L1 Bithead

Re: Ansible -Setup

I found out you have to use a valid certificate. Either accept the cert by manually updating the keystore or use a trusted CA. We had a wildcard cert and once that was applied the connections started working and I can manage the firewall with ansible.


L0 Member

Re: Ansible -Setup

If you are on Red Hat or CentOS, the easiest way to do this is to export the following environment variable before you run your playbook:

$ export PYTHONHTTPSVERIFY=0

This works with virtual environments as well.

L1 Bithead

Re: Ansible -Setup

That is valid; however, I would not recommend it.

This is a global setting and could be a security risk.

Here are some alternatives that I have used.

1. Use a valid cert

2. Use a SSC and add it to the key store on the server

3. Use the URI ansible module and set validate_certs=no

I'm sure there are many others that could be used.
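
An added example, not part of the thread and not ansible-pan code: a small Python preflight that flags the process-wide PYTHONHTTPSVERIFY=0 switch discussed above and contrasts it with a TLS context that trusts only one certificate file, as in the self-signed-cert alternative. The function names and the FIREWALL_CA variable are hypothetical.

```python
import os
import ssl


def audit_env(env):
    """Return warnings for settings that change HTTPS verification process-wide."""
    findings = []
    # PEP 493 switch: Python builds that honour it skip certificate checks
    # for every standard-library HTTPS client in the process, not just one task.
    if env.get("PYTHONHTTPSVERIFY") == "0":
        findings.append("PYTHONHTTPSVERIFY=0: certificate verification disabled globally")
    return findings


def pinned_context(ca_file):
    """Build a TLS client context that trusts only the certificates in ca_file."""
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and hostname checking on,
    # and loads no system CAs, so trust is limited to what we load here.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)  # raises OSError if missing or unreadable
    return ctx


def describe(ctx):
    """Summarise what a context actually enforces."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    for finding in audit_env(os.environ):
        print("WARNING:", finding)
    # What a global bypass amounts to: no chain check, no hostname check.
    print("unverified:", describe(ssl._create_unverified_context()))
    # FIREWALL_CA is a hypothetical variable naming the exported PEM certificate.
    ca_file = os.environ.get("FIREWALL_CA")
    if ca_file:
        print("pinned:", describe(pinned_context(ca_file)))
```
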
