Reputation: 7236
Ansible job failed because failed cert validation
I run an Ansible job on server1. This deploys an application to server2.
It fails on this step:
- name: Check {{ my_app }} runs at "https://{{ host }}:{{ port }}{{ endpoint }}" - returns a status 200
uri:
url: 'https://{{ host }}:{{ port }}{{ endpoint}}'
return_content: yes
register: result
until: result.status == 200
retries: 5
delay: 20
It gives this error:
fatal: [server2.url.com]: FAILED! => { "attempts": 5, "changed": false, "invocation": { "module_args": { "attributes": null, "backup": null, "body": null, "body_format": "raw", "client_cert": null, "client_key": null, "content": null, "creates": null, "delimiter": null, "dest": null, "directory_mode": null, "follow": false, "follow_redirects": "safe", "force": false, "force_basic_auth": false, "group": null, "headers": {}, "http_agent": "ansible-httpget", "method": "GET", "mode": null, "owner": null, "regexp": null, "remote_src": null, "removes": null, "return_content": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "status_code": [ 200 ], "timeout": 30, "unix_socket": null, "unsafe_writes": null, "url": "https://server2.url.com:1234/my/endpoint", "url_password": null, "url_username": null, "use_proxy": true, "validate_certs": true } }, "msg": "Failed to validate the SSL certificate for server2.url.com:1234. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618).", "status": -1, "url": "https://server2.url.com:1234/my/endpoint"
I think I need to install cert somewhere on server2 but I'm not sure how or where this is done. I think I have the correct cert though. How do I add it?
Additionally, I'm aware that Ansible uses Python. server1 has Python 3.6.8 and server2 has Python 2.7.5. Is there any possible conflict between versions?
Upvotes: -1
Views: 3473
Answers (1)
Reputation: 1
Try this:
- name: Check {{ my_app }} runs at "https://{{ host }}:{{ port }}{{ endpoint }}" - returns a status 200
uri:
url: 'https://{{ host }}:{{ port }}{{ endpoint}}'
**validate_certs: no**
return_content: yes
register: result
until: result.status == 200
retries: 5
delay: 20
Upvotes: -1
Related Questions
- Certificate Auth. : the specified credentials were rejected by the server
- Ansible "msg": "Unable to connect to vCenter or ESXi API at IP on TCP/443: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)"
- How to fix following ansible galaxy SSL error?
- Ansible: Create a Self-Signed SSL Certificate and Key
- Ansible: No package matching 'nginx' is available
- Copying SSL certificate with Ansible
- Ansible-Tower ssl: the specified credentials were rejected by the server
- server certificate verification failed while running ansible playbook to checkout code from gituhub
- Ansible winrm_server_cert_validation HTTPS security
- msg: ConnectionError(ProtocolError('Connection aborted.', error(2, 'No such file or directory')),)