PaloAltoNetworks / terraform-templates

This repo contains Terraform templates to deploy infrastructure on AWS and Azure and to secure them using the Palo Alto Networks Next Generation Firewalls
Apache License 2.0

one-click-aws throwing error: HTTP/1.1 403 Invalid Credential #29

Closed Chary271108 closed 4 years ago

Chary271108 commented 4 years ago

Hi

I have used one-click-aws to spin up a multi-tier in AWS and I'm not able to log in to the PAN-OS firewall; it says invalid credentials. I ended up with the below log.

null_resource.check_fw_ready (local-exec): > GET /api/?type=op&cmd=&key=LUFRPT10VGJKTEV6a0R4L1JXd0ZmbmNvdUEwa25wMlU9d0N5d292d2FXNXBBeEFBUW5pV2xoZz09 HTTP/1.1
null_resource.check_fw_ready (local-exec): > User-Agent: curl/7.29.0
null_resource.check_fw_ready (local-exec): > Host: 52.70.227.127
null_resource.check_fw_ready (local-exec): > Accept: /
null_resource.check_fw_ready (local-exec): >
null_resource.check_fw_ready (local-exec): < HTTP/1.1 403 Invalid Credential
null_resource.check_fw_ready (local-exec): < Date: Wed, 22 Jul 2020 11:31:17 GMT
null_resource.check_fw_ready (local-exec): < Content-Type: application/xml; charset=UTF-8
null_resource.check_fw_ready (local-exec): < Content-Length: 97
null_resource.check_fw_ready (local-exec): < Connection: keep-alive
null_resource.check_fw_ready (local-exec): < X-FRAME-OPTIONS: SAMEORIGIN
null_resource.check_fw_ready (local-exec): < X-XSS-Protection: 1; mode=block
null_resource.check_fw_ready (local-exec): < X-Content-Type-Options: nosniff
null_resource.check_fw_ready (local-exec): < Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
null_resource.check_fw_ready (local-exec): < Strict-Transport-Security: max-age=31536000
null_resource.check_fw_ready (local-exec): < Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
null_resource.check_fw_ready (local-exec): < Expires: Thu, 19 Nov 1981 08:52:00 GMT
null_resource.check_fw_ready (local-exec): < Pragma: no-cache
null_resource.check_fw_ready (local-exec): < Set-Cookie: PHPSESSID=ae15918469f0eeb738eb2fd211d7eee6; path=/; secure; HttpOnly
null_resource.check_fw_ready (local-exec): < Status: 403 Invalid Credential
null_resource.check_fw_ready (local-exec): <
null_resource.check_fw_ready (local-exec): { [data not shown]
null_resource.check_fw_ready (local-exec): * Connection #0 to host 52.70.227.127 left intact
null_resource.check_fw_ready: Still creating... (38m30s elapsed)

Also, I have tried to run the script ./configure_firewall.sh and found that this is where it is failing.

PLAY [localhost] ****

TASK [PaloAltoNetworks.paloaltonetworks : pip] **
ok: [localhost]

TASK [PaloAltoNetworks.paloaltonetworks : pip] **
ok: [localhost]

TASK [PaloAltoNetworks.paloaltonetworks : pip] **
ok: [localhost]

TASK [create a global service for TCP 221] **
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: pandevice.errors.PanURLError: URLError: code: 403 reason: Invalid Credential
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_hfxXfF/ansible_module_panos_object.py\", line 452, in \n main()\n File \"/tmp/ansible_hfxXfF/ansible_module_panos_object.py\", line 332, in main\n device = base.PanDevice.create_from_device(ip_address, username, password, api_key=api_key)\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 2725, in create_from_device\n system_info = device.refresh_system_info()\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 3135, in refresh_system_info\n system_info = self.show_system_info()\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 3092, in show_system_info\n root = self.xapi.op(cmd=\"show system info\", cmd_xml=True)\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 2956, in xapi\n self._xapi_private = self.generate_xapi()\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 2998, in generate_xapi\n kwargs = {'api_key': self.api_key,\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 2950, in api_key\n self._api_key = self._retrieve_api_key()\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 3085, in _retrieve_api_key\n xapi.keygen(retry_on_peer=False)\n File \"/usr/lib/python2.7/site-packages/pandevice/base.py\", line 2851, in method\n raise the_exception\npandevice.errors.PanURLError: URLError: code: 403 reason: Invalid Credential\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
to retry, use: --limit @/home/ansible-pan/ansible-playbooks/one_click_multicloud/one_click_aws.retry

PLAY RECAP **
localhost : ok=3 changed=0 unreachable=0 failed=1

Can someone help me to fix this?

Thanks

welcome[bot] commented 4 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!