Hi
I'm have used one-click-aws to spin up mutli tier in aws and I'm not able to login to panos firewall it says invalid credentials. ended up with the below log.
null_resource.check_fw_ready (local-exec): > GET /api/?type=op&cmd=&key=LUFRPT10VGJKTEV6a0R4L1JXd0ZmbmNvdUEwa25wMlU9d0N5d292d2FXNXBBeEFBUW5pV2xoZz09 HTTP/1.1
null_resource.check_fw_ready (local-exec): > User-Agent: curl/7.29.0
null_resource.check_fw_ready (local-exec): > Host: 52.70.227.127
null_resource.check_fw_ready (local-exec): > Accept: /
null_resource.check_fw_ready (local-exec): >
null_resource.check_fw_ready (local-exec): < HTTP/1.1 403 Invalid Credential
null_resource.check_fw_ready (local-exec): < Date: Wed, 22 Jul 2020 11:31:17 GMT
null_resource.check_fw_ready (local-exec): < Content-Type: application/xml; charset=UTF-8
null_resource.check_fw_ready (local-exec): < Content-Length: 97
null_resource.check_fw_ready (local-exec): < Connection: keep-alive
null_resource.check_fw_ready (local-exec): < X-FRAME-OPTIONS: SAMEORIGIN
null_resource.check_fw_ready (local-exec): < X-XSS-Protection: 1; mode=block
null_resource.check_fw_ready (local-exec): < X-Content-Type-Options: nosniff
null_resource.check_fw_ready (local-exec): < Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
null_resource.check_fw_ready (local-exec): < Strict-Transport-Security: max-age=31536000
null_resource.check_fw_ready (local-exec): < Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
null_resource.check_fw_ready (local-exec): < Expires: Thu, 19 Nov 1981 08:52:00 GMT
null_resource.check_fw_ready (local-exec): < Pragma: no-cache
null_resource.check_fw_ready (local-exec): < Set-Cookie: PHPSESSID=ae15918469f0eeb738eb2fd211d7eee6; path=/; secure; HttpOnly
null_resource.check_fw_ready (local-exec): < Status: 403 Invalid Credential
null_resource.check_fw_ready (local-exec): <
null_resource.check_fw_ready (local-exec): { [data not shown]
null_resource.check_fw_ready (local-exec): * Connection #0 to host 52.70.227.127 left intact
null_resource.check_fw_ready: Still creating... (38m30s elapsed)
Also I have tried to the script ./configure_firewall.sh and found that this is where its getting failed.
PLAY [localhost] ****************************************************************************************************************************************
TASK [PaloAltoNetworks.paloaltonetworks : pip] **********************************************************************************************************
ok: [localhost]
TASK [PaloAltoNetworks.paloaltonetworks : pip] **********************************************************************************************************
ok: [localhost]
TASK [PaloAltoNetworks.paloaltonetworks : pip] **********************************************************************************************************
ok: [localhost]
TASK [create a global service for TCP 221] **************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: pandevice.errors.PanURLError: URLError: code: 403 reason: Invalid Credential
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n File "/tmp/ansible_hfxXfF/ansible_module_panos_object.py", line 452, in \n main()\n File "/tmp/ansible_hfxXfF/ansible_module_panos_object.py", line 332, in main\n device = base.PanDevice.create_from_device(ip_address, username, password, api_key=api_key)\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 2725, in create_from_device\n system_info = device.refresh_system_info()\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 3135, in refresh_system_info\n system_info = self.show_system_info()\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 3092, in show_system_info\n root = self.xapi.op(cmd="show system info", cmd_xml=True)\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 2956, in xapi\n self._xapi_private = self.generate_xapi()\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 2998, in generate_xapi\n kwargs = {'api_key': self.api_key,\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 2950, in api_key\n self._api_key = self._retrieve_api_key()\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 3085, in _retrieve_api_key\n xapi.keygen(retry_on_peer=False)\n File "/usr/lib/python2.7/site-packages/pandevice/base.py", line 2851, in method\n raise the_exception\npandevice.errors.PanURLError: URLError: code: 403 reason: Invalid Credential\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
to retry, use: --limit @/home/ansible-pan/ansible-playbooks/one_click_multicloud/one_click_aws.retry
PLAY RECAP **********************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=1
Can someone help me to fix this?
Thanks