This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Authentication issue to Palo Alto Panorama from Ansible

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authentication issue to Palo Alto Panorama from Ansible

merlintong
L0 Member

‎10-06-2022 10:57 PM

Just followed some examples from https://paloaltonetworks.github.io/pan-os-ansible/ and https://github.com/PaloAltoNetworks/ansible-playbooks/ to write my first playbook. The target system is a virtual Panorama instance on AWS (software version 10.1.6-h6)
The playbook is just to show system info:

merlintong_0-1665122126484.png

 

I made sure the host inventory has been defined correctly, and both ansible galaxy role and python pan-os sdk are installed. Executing the playbook however throws me a 403 Invalid Credential error:

merlintong_1-1665122126489.png

 

A simple curl test with the same target and API key however works fine:

curl -k 'https://hostname/api/?type=op&cmd=<show><system><info></info></system></show>&key=xxx'

merlintong_2-1665122126491.png

 

Am I missing something obvious?

0 Likes Likes
1 REPLY 1

JimmyHolland
L5 Sessionator

‎10-07-2022 04:24 AM

Hi @merlintong,

I replicated your playbook and could not replicate the error with a VM-Series on 10.1.6-h6.

Have you definitely got the inventory setup correctly? Even Wireshark/tcpdump on your Ansible machine to check it is talking to the correct target VM-Series? Can you see the failed login in the System Logs in PAN-OS? Is there anything going on with the format of the api_key variable variable string which we maybe can't see due to the redacted screenshot)? Does it work if you use username/password instead of the API key?

 

---
- name: Test Playbook
  hosts: '{{ target | default("host_vm-series-a") }}'
  gather_facts: false
  connection: local

  collections:
    - paloaltonetworks.panos

  vars:
    device:
      ip_address: "{{ ip_address }}"
      api_key: "{{ api_key | default(omit) }}"

  tasks:
    - name: show system info
      panos_op:
        provider: "{{ device }}"
        cmd: 'show system info'



LAY [host_vm-series-a] *************************************************************************************************************************************************************

TASK [show system info] *************************************************************************************************************************************************************
ok: [host_vm-series-a]

PLAY RECAP **************************************************************************************************************************************************************************
host_vm-series-a           : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

 

 

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂
0 Likes Likes
  • 2035 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks