Ansible -Setup

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Ansible -Setup

L1 Bithead

Hello,

 

I am struggling with the basic setup.

I can use curl to verify I have a user and password that works, but curl can ignore the certificate.

Is there a way for ansible-pan to ignore it as well?

 

Thanks for your help!

1 accepted solution

Accepted Solutions

I found out you have to use a valid certificate.  Either accept the cert by manually updating the keystore or use a trusted CA.  We had a wildcard cert and once that was applied the connections started working and I can manage the firewall with ansible.

 

 

View solution in original post

4 REPLIES 4

L0 Member

Are you MiTM the connection? I guess I am really asking why are you having to ignore the certificate?

I found out you have to use a valid certificate.  Either accept the cert by manually updating the keystore or use a trusted CA.  We had a wildcard cert and once that was applied the connections started working and I can manage the firewall with ansible.

 

 

L0 Member

If you are on RedHat or Centos, the easiest way to do this is to export the following environment variable before you run your playbook:

 

$ export PYTHONHTTPSVERIFY=0

This works with virtual environments as well.

That is valid however I would not recommend it. 

This is a global setting and could be a security risk.

Here are some alternatives that I have used.

1. Use a valid cert

2. Use a SSC and add it to the key store on the server

3. Use the URI ansible module and set validate_certs=no

 

I'm sure there are many others that could be used.

  • 1 accepted solution
  • 5432 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!