Ansible SolarWinds Collection with OrionSDK- Authentication issue

I really wish there was an official SolarWinds Ansible collection that was covered under support, but I have been using this Ansible collection to manage my SolarWinds nodes: jeisenbath/ansible-collection-solarwinds-orion: An Ansible collection for managing nodes in Solarwinds Orion (github.com). It has been working pretty well to add snmpv3 nodes as well as manage custom properties. However I am having an issue I would like to get resolved. SolarWinds support referred me to THWACK for help with this issue.

Here is an example Ansible playbook task and debug output from my Ansible server:

- name: Set Project custom property
solarwinds.orion.orion_custom_property:
<<: *solarwinds_info
name: "{{ inventory_hostname }}"
state: present
property_name: Project
property_value: lab
delegate_to: localhost

changed: [RT-01 -> localhost] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "hostname": "x.x.x.x",
            "ip_address": null,
            "name": "RT-01",
            "node_id": null,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "property_name": "Project",
            "property_value": "lab",
            "state": "present",
            "username": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
        }
    },
    "orion_node": {
        "caption": "RT-01",
        "ipaddress": "10.x.x.x",
        "netobjectid": "N:1061",
        "nodeid": 1061,
        "objectsubtype": "SNMP",
        "status": 1,
        "statusdescription": "Node status is Up.",
        "unmanaged": false,
        "unmanagefrom": "2023-07-14T00:48:30.677000+00:00",
        "unmanageuntil": "2023-07-14T00:55:01.117000+00:00",
        "uri": "swis://x.x.x.x.automation.lab/Orion/Orion.Nodes/NodeID=1061"
    }
}

However, when I am running an ansible playbook and interacting with SolarWinds like shown above (add custom property/add node/add interface etc.) I get the below audit logs in Solarwinds. When I run a playbook on a large number of nodes, it spews tons of these logs into the audit log. It appears to happen multiple times for every thing it does. For example I got the following logs for updating one custom property on one node. The playbook tasks runs successfully and gives no indication of errors from an Ansible perspective.

Any idea what is causing this and if it can be resolved? I am seeing this on both my lab and production environments.

8/18/2023 7:30:20 AM Audit Event User admin changed custom property 'Project' to 'lab' on node RT-01. RT-01 10.x.x.x
8/18/2023 7:30:20 AM Audit Event User AUTOMATION\admin made an unsuccessful attempt to login from a SolarWinds Information Service endpoint.	 	 
8/18/2023 7:30:19 AM Audit Event User AUTOMATION\admin made an unsuccessful attempt to login from a SolarWinds Information Service endpoint.	 	 
8/18/2023 7:30:18 AM Audit Event User AUTOMATION\admin made an unsuccessful attempt to login from a SolarWinds Information Service endpoint.	 	 
8/18/2023 7:30:17 AM Audit Event User AUTOMATION\admin made an unsuccessful attempt to login from a SolarWinds Information Service endpoint.

Also here are some entries from ApolloWebApi.log with UserLoginUnsuccessful that correlate with the above audit logs.

2023-08-18 07:30:16,443 [432] DEBUG SolarWinds.Orion.Common.SqlHelper - SQL:
SELECT TOP 1 ServerName FROM Engines WITH(NOLOCK) WHERE Engines.ServerType = 'Primary' ORDER BY KeepAlive DESC
2023-08-18 07:30:16,443 [432] DEBUG SolarWinds.Orion.Swis.PubSub.MessageBus.MessageBusTopologyProvider - No message bus host change detected.
2023-08-18 07:30:17,802 [432] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Message delivered to consumer 89e0879b-f63a-46f2-b8bc-25cda63049da with deliveryTag 107
2023-08-18 07:30:17,802 [432] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Received message with receivedInfo=[ConsumerTag=89e0879b-f63a-46f2-b8bc-25cda63049da, DeliveryTag=107, Redelivered=False, Exchange=, RoutingKey=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_, Queue=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_]
2023-08-18 07:30:17,802 [432] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQueue - Received message on ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_ for subscription ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_
2023-08-18 07:30:17,802 [432] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Received Account Change indication 'Orion.UserLoginUnsuccessful'.
2023-08-18 07:30:17,802 [432] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Indication Properties: IndicationId: 7d5af392-32ea-47ce-a789-bf0f9aeff0b4
IndicationTime: 8/18/2023 2:30:17 PM
SequenceNumber: 291
AccountId: AUTOMATION\admin
IPAddress: a SolarWinds Information Service endpoint

I opened an issue on the github collection, User made an unsuccessful attempt to login from a SolarWinds Information Service endpoint. · Issue #6 · jeisenbath/ansible-collection-solarwinds-orion (github.com), but I was hoping someone on here might have some information that could help resolve this issue?

Parents
  • Here is more detail running your 01_query.py on my lab environment:

    [admin@localhost ~]$ python3 sw_python/01_query.py 
    Enter the username and password for '<orion_hostname>'
    Username: admin
    Password: 
    Caption @ IP [URI]
    <node output ommitted>

    All the nodes and there IPs were successfully output. There are no errors or any indications of any authentication issues from my terminal.

    But yet I get this log on my SolarWinds audit log:

    9/8/2023 3:42:13 AM Audit Event	User AUTOMATION\admin made an unsuccessful attempt to login from a SolarWinds Information Service endpoint.
    

    And here is what I get in my ApolloWebApi.log

    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Message delivered to consumer 658a450e-6f6f-477f-9dc0-1b8e07b0a401 with deliveryTag 2
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Received message with receivedInfo=[ConsumerTag=658a450e-6f6f-477f-9dc0-1b8e07b0a401, DeliveryTag=2, Redelivered=False, Exchange=, RoutingKey=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_, Queue=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_]
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQueue - Received message on ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_ for subscription ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Received Account Change indication 'Orion.UserLoginUnsuccessful'.
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Indication Properties: IndicationId: faac1f84-3574-4a59-b940-b2f28181bd6c
    IndicationTime: 9/8/2023 10:42:13 AM
    SequenceNumber: 78
    AccountId: AUTOMATION\admin
    IPAddress: a SolarWinds Information Service endpoint
    
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Source Instance Properties: IPAddress: a SolarWinds Information Service endpoint
    
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Message delivered to consumer 9bcaa4de-9673-43a4-8b54-069aaa1f43e2 with deliveryTag 3
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Received message with receivedInfo=[ConsumerTag=9bcaa4de-9673-43a4-8b54-069aaa1f43e2, DeliveryTag=3, Redelivered=False, Exchange=, RoutingKey=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_, Queue=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_]
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQueue - Received message on ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_ for subscription ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Received Account Change indication 'System.InstanceModified'.
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Indication Properties: IndicationId: 8c68fa1e-8539-4184-af4e-4904605fc853
    IndicationTime: 9/8/2023 10:42:13 AM
    SequenceNumber: 79
    AccountId: SYSTEM
    
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Source Instance Properties: AccountID: AUTOMATION\admin
    GroupInfo: AUTOMATION\Domain Admins
    InstanceType: Orion.Accounts

Reply
  • Here is more detail running your 01_query.py on my lab environment:

    [admin@localhost ~]$ python3 sw_python/01_query.py 
    Enter the username and password for '<orion_hostname>'
    Username: admin
    Password: 
    Caption @ IP [URI]
    <node output ommitted>

    All the nodes and there IPs were successfully output. There are no errors or any indications of any authentication issues from my terminal.

    But yet I get this log on my SolarWinds audit log:

    9/8/2023 3:42:13 AM Audit Event	User AUTOMATION\admin made an unsuccessful attempt to login from a SolarWinds Information Service endpoint.
    

    And here is what I get in my ApolloWebApi.log

    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Message delivered to consumer 658a450e-6f6f-477f-9dc0-1b8e07b0a401 with deliveryTag 2
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Received message with receivedInfo=[ConsumerTag=658a450e-6f6f-477f-9dc0-1b8e07b0a401, DeliveryTag=2, Redelivered=False, Exchange=, RoutingKey=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_, Queue=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_]
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQueue - Received message on ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_ for subscription ApolloWebsite.AccountChangeIndicationSubscriber.Orion.UserLoginUnsuccessful.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Received Account Change indication 'Orion.UserLoginUnsuccessful'.
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Indication Properties: IndicationId: faac1f84-3574-4a59-b940-b2f28181bd6c
    IndicationTime: 9/8/2023 10:42:13 AM
    SequenceNumber: 78
    AccountId: AUTOMATION\admin
    IPAddress: a SolarWinds Information Service endpoint
    
    2023-09-08 03:42:13,036 [194] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Source Instance Properties: IPAddress: a SolarWinds Information Service endpoint
    
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Message delivered to consumer 9bcaa4de-9673-43a4-8b54-069aaa1f43e2 with deliveryTag 3
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQLogger - Received message with receivedInfo=[ConsumerTag=9bcaa4de-9673-43a4-8b54-069aaa1f43e2, DeliveryTag=3, Redelivered=False, Exchange=, RoutingKey=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_, Queue=ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_]
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.MessageBus.RabbitMQ.EasyNetQueue - Received message on ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_ for subscription ApolloWebsite.AccountChangeIndicationSubscriber.Orion.Accounts.Engine@Engine_1/w3wp_LM/W3SVC/1/ROOT/api2_
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Received Account Change indication 'System.InstanceModified'.
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Indication Properties: IndicationId: 8c68fa1e-8539-4184-af4e-4904605fc853
    IndicationTime: 9/8/2023 10:42:13 AM
    SequenceNumber: 79
    AccountId: SYSTEM
    
    2023-09-08 03:42:13,333 [142] DEBUG SolarWinds.Orion.Identity.AccountChangeIndicationSubscriber - Source Instance Properties: AccountID: AUTOMATION\admin
    GroupInfo: AUTOMATION\Domain Admins
    InstanceType: Orion.Accounts

Children