Authentication issue to Palo Alto Panorama from Ansible

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authentication issue to Palo Alto Panorama from Ansible

L0 Member

Just followed some examples from https://paloaltonetworks.github.io/pan-os-ansible/ and https://github.com/PaloAltoNetworks/ansible-playbooks/ to write my first playbook. The target system is a virtual Panorama instance on AWS (software version 10.1.6-h6)
The playbook is just to show system info:

merlintong_0-1665122126484.png

 

I made sure the host inventory has been defined correctly, and both ansible galaxy role and python pan-os sdk are installed. Executing the playbook however throws me a 403 Invalid Credential error:

merlintong_1-1665122126489.png

 

A simple curl test with the same target and API key however works fine:

curl -k 'https://hostname/api/?type=op&cmd=<show><system><info></info></system></show>&key=xxx'

merlintong_2-1665122126491.png

 

Am I missing something obvious?

1 REPLY 1

L5 Sessionator

Hi @merlintong,

I replicated your playbook and could not replicate the error with a VM-Series on 10.1.6-h6.

Have you definitely got the inventory setup correctly? Even Wireshark/tcpdump on your Ansible machine to check it is talking to the correct target VM-Series? Can you see the failed login in the System Logs in PAN-OS? Is there anything going on with the format of the api_key variable variable string which we maybe can't see due to the redacted screenshot)? Does it work if you use username/password instead of the API key?

 

---
- name: Test Playbook
  hosts: '{{ target | default("host_vm-series-a") }}'
  gather_facts: false
  connection: local

  collections:
    - paloaltonetworks.panos

  vars:
    device:
      ip_address: "{{ ip_address }}"
      api_key: "{{ api_key | default(omit) }}"

  tasks:
    - name: show system info
      panos_op:
        provider: "{{ device }}"
        cmd: 'show system info'



LAY [host_vm-series-a] *************************************************************************************************************************************************************

TASK [show system info] *************************************************************************************************************************************************************
ok: [host_vm-series-a]

PLAY RECAP **************************************************************************************************************************************************************************
host_vm-series-a           : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

 

 

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂
  • 2036 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!