Developer

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

After running the AWX template with verbosity 4 and comparing it with command line ansible with -vvvv, it seems that this is triggered by AWX attempting to remove local temporary files while executing the playbook:

The test AWX implementation I have is a container deployed on Ubuntu microk8s, I'm still trying to nail down the root cause of this.

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

I've got this exact same issue.
Works perfectly fine when doing it through curl with the same api endpoint and access token, but through AWX it's failing.
@barads @merlintong

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

@merlintong

I see in the playbook you're using the Role instead of the collection, could you modify your playbook and inventory file to use the collection instead and see if you receive the same issue? 

Playbook should include this clause:

   collections:
     - arubanetworks.aruba_central

Inventory variables must be set like so:

      ansible_connection: httpapi
      ansible_network_os: arubanetworks.aruba_central.aruba_central

------------------------------
Ti Chiapuzio-Wong (they/them)
HPE Aruba Networking

Original Message:
Sent: Oct 07, 2022 02:12 AM
From: merlintong
Subject: Authentication Issue accessing Aruba Central from AWX

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?

Hey, thank you for replying here!
I've tried with both defining a role and defining a collection as you explain above.

It seems to me that the issue is directly tied to the get_headers function defined in central_http.py.
When setting up AWX to use the inventory plugin, it will dynamically create/import a host that will be built just like the "simple inventory" example based on the values provided in the inventory plugin config yaml.

However when AWX runs e.g. the get_groups action, when it builds the path, that calls `headers = central_api.get_headers(False, "get")` to set the headers, the headers won't include the Authorization header entry, only the `{"Content-Type": "application/json"}` will be included because it seems hardcoded to do so..?
I'm not expert at this in any sense, but this part is really confusing why it wouldn't include the auth part.

Did some more diving and realised that the Authorization header is added later, in the send_request function. However I'm having a really hard time troubleshooting this, because I cannot get any type of debugging logging/prints to work for this file in particular. I've used `import logging` for other py-files, however it errors out when being added to this one.

Need to figure out what's going wrong inside this function when running through AWX. Is it the access token that's not being picked up properly? Is it something else? @Tiffany.Chiapuzio-Wong

All in all, this results in the 401 Unauthorised scenario when running it through AWX.

Original Message:
Sent: Feb 26, 2024 05:04 PM
From: Tiffany.Chiapuzio-Wong
Subject: Authentication Issue accessing Aruba Central from AWX

@merlintong

I see in the playbook you're using the Role instead of the collection, could you modify your playbook and inventory file to use the collection instead and see if you receive the same issue? 

Playbook should include this clause:

   collections:
     - arubanetworks.aruba_central

Inventory variables must be set like so:

      ansible_connection: httpapi
      ansible_network_os: arubanetworks.aruba_central.aruba_central

------------------------------
Ti Chiapuzio-Wong (they/them)
HPE Aruba Networking

Original Message:
Sent: Oct 07, 2022 02:12 AM
From: merlintong
Subject: Authentication Issue accessing Aruba Central from AWX

Trying to switch from command line ansible to AWX and ran into an issue authenticating to Aruba Central.
For native ansible command line I'm just following the example provided at https://developer.arubanetworks.com/aruba-central/docs/ansible-getting-started.

The inventory file is defined as:

A test playbook does the following:

Executing the playbook works fine:

When switching into AWX, however, I got a HTTP 401 error instead.

The host central is defined with the exact same variables:

Launching the exact same playbook, this is what I get: HTTP Error 401: Unauthorized.

I tried a few tweaks including creating a custom credential type by passing ansible_httpapi_central_access_token as an environment variable, but still got the same result. I also made sure that my API token wasn't expired or anything when testing with AWX.

Is there anything else I am missing?