Ansible job failed because failed cert validation

Time:09-09

I run an Ansible job on server1. This deploys an application to server2.

It fails on this step:

- name: Check {{ my_app }} runs at "https://{{ host }}:{{ port }}{{ endpoint }}" - returns a status 200
  uri:
    url: 'https://{{ host }}:{{ port }}{{ endpoint}}'
    return_content: yes
  register: result
  until: result.status == 200
  retries: 5
  delay: 20

It gives this error:

fatal: [server2.url.com]: FAILED! => { "attempts": 5, "changed": false, "invocation": { "module_args": { "attributes": null, "backup": null, "body": null, "body_format": "raw", "client_cert": null, "client_key": null, "content": null, "creates": null, "delimiter": null, "dest": null, "directory_mode": null, "follow": false, "follow_redirects": "safe", "force": false, "force_basic_auth": false, "group": null, "headers": {}, "http_agent": "ansible-httpget", "method": "GET", "mode": null, "owner": null, "regexp": null, "remote_src": null, "removes": null, "return_content": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "status_code": [ 200 ], "timeout": 30, "unix_socket": null, "unsafe_writes": null, "url": "https://server2.url.com:1234/my/endpoint", "url_password": null, "url_username": null, "use_proxy": true, "validate_certs": true } }, "msg": "Failed to validate the SSL certificate for server2.url.com:1234. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618).", "status": -1, "url": "https://server2.url.com:1234/my/endpoint"

I think I need to install cert somewhere on server2 but I'm not sure how or where this is done. I think I have the correct cert though. How do I add it?

Additionally, I'm aware that Ansible uses Python. server1 has Python 3.6.8 and server2 has Python 2.7.5. Is there any possible conflict between versions?

CodePudding user response:

Can you try it like this?

- name: Check {{ my_app }} runs at "https://{{ host }}:{{ port }}{{ endpoint }}" - returns a status 200
  uri:
    url: 'https://{{ host }}:{{ port }}{{ endpoint}}'
    validate_certs: no
    return_content: yes
  register: result
  until: result.status == 200
  retries: 5
  delay: 20

CodePudding user response:

Regarding your question

I run an Ansible job on server1. ... I think I need to install cert somewhere on server2 ...

and the error message (msg)

Failed to validate the SSL certificate for server2.url.com:1234. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended.

it is server1, the initiator of the connection attempt which is failing to confirm the target server (server2) identity. Therefore you need to trust the certificate on server1.

Regarding your question

I'm not sure how or where this is done.

and the error message (msg)

Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible

you may need to import and trust the self-signed server certificates in one of the mentioned paths on server1.


Regarding

server1 has Python 3.6.8 and server2 has Python 2.7.5. Is there any possible conflict between versions?

Not in your current case.
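
A way to make the check pass while certificate validation stays on, instead of setting `validate_certs: no`. This is an added example, not part of the original thread; it assumes a RHEL-family host (the error lists /etc/pki/ca-trust/extracted/pem) and a hypothetical file `files/my_app_ca.pem` containing the CA or self-signed certificate. The tasks belong in the same play as the check, so they run on the host whose trust store the `uri` task consults.

```yaml
# Added example. Assumptions: RHEL-family trust store layout and a
# hypothetical local file files/my_app_ca.pem (PEM, CA or self-signed cert).
- name: Install the certificate as a trust anchor
  become: true
  copy:
    src: files/my_app_ca.pem          # hypothetical path next to the playbook
    dest: /etc/pki/ca-trust/source/anchors/my_app_ca.pem
    owner: root
    group: root
    mode: '0644'
  register: ca_anchor

- name: Rebuild the bundles under /etc/pki/ca-trust/extracted
  become: true
  command: update-ca-trust extract
  when: ca_anchor.changed             # only rebuild when the anchor changed

- name: Check {{ my_app }} returns a status 200 with validation still on
  uri:
    url: 'https://{{ host }}:{{ port }}{{ endpoint }}'
    validate_certs: yes               # keep server identity verification
    # On ansible-core 2.11 or later, ca_path can point at the PEM file
    # directly, which avoids changing the system-wide trust store:
    # ca_path: /etc/pki/ca-trust/source/anchors/my_app_ca.pem
    return_content: yes
  register: result
  until: result.status == 200
  retries: 5
  delay: 20
```

Validation also requires that the name in the URL matches a name in the certificate, so trusting the issuer does not help if the certificate was issued for a different hostname.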
