Ansible "msg": "Unable to connect to vCenter or ESXi API at IP on TCP/443: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)"

Question

I'm running a playbook against a host and getting this error:

"msg": "Unable to connect to vCenter or ESXi API at 192.11.11.111 on TCP/443: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)"

We are using vCenter 6.5. I have a playbook that should let Ansible controller talk to the vSphere vCenter. I exported the trusted root SSL certificates from the vSphere home page. Copied over to my Ansible controller and installed with:

sudo mv 9dab0099.0.crt 9dab0099.r0.crl 11ec582d.0.crt /etc/pki/ca-trust/source/anchors
 
sudo update-ca-trust force -enable
 
sudo update-ca-trust extract

• able to telnet to the host on 443
• able to ping host continuously
• tried changing validate_certs to: no
• tried changing validate_certs to: yes
• tried changing validate_certs to: false

My playbook:

- name: Add an additional cpu to virtual machine server
  hosts: '{{ target }}' 
  
  tasks: 
    - name: Login into vCenter and get cookies
      vmware_guest: 
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        folder: "{{ vm_folder }}"   
        cluster: "{{ vcenter_cluster }}"
        datacenter: "{{ vcenter_datacenter }}"
        name: "{{ vm_name }}"
    - name:
      uri:
        url: https://{{ vcenter_hostname }} #/rest/com/vmware/cis/session
        force_basic_auth: yes
        validate_certs: no
        method: POST
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        folder: "{{ vm_folder }}"   
        cluster: "{{ vcenter_cluster }}"
        datacenter: "{{ vcenter_datacenter }}"
        name: "{{ vm_name }}"
      #register: login
  
    - name: Stop virtual machine
      vmware_guest:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: no
        folder: "{{ vm_folder }}"   
        cluster: "{{ vcenter_cluster }}"
        datacenter: "{{ vcenter_datacenter }}"
        name: "{{ vm_name }}"
        state: "poweredoff"

    - name: reconfigure CPU and RAM of VM
      vmware_guest:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        cluster: "{{ vcenter_cluster }}"
        datacenter: "{{ vcenter_datacenter }}"
        name: "{{ vm_name }}"
        state: "present"
        validate_certs: "false"
        folder: "{{ vm_folder }}"
        hardware:
          memory_gb: "{{ memory }}"
          num_cpus: "{{ cpu }}"
        scsi: "lsilogic"

My ESXi firewall rules are open.

I reproduced error with Python 2.7.5 and Python 3.6, and the newest version of pyvmomi is installed.

Can someone point me in the right direction from here?

Answer 1

Try to put

validate_certs: no

into the tasks