Issues Using Ansible with ServiceNow Through an HTTP Proxy

[Steven Klinder]

I am trying to allow my Ansible controller to connect to my ServiceNow instance through an HTTP proxy using the "snow_record" and "snow_record_find" modules.  I am running Ansible v2.9.10 with the Python "pysnow" v0.7.16 package and am unable to find a work around for the following SSL verification error:

=======================================
"msg": "Failed to update record: HTTPSConnectionPool(host='myinstance.service-now.com', port=443): Max retries exceeded with url: /api/now/table/sys_user?sysparm_query=sys_id%3D65316bf03710200004e0bfc8bcbe5ea3 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))"
=======================================

I attempted to use the "validate_certs" option in the task hoping that it was an undocumented option for these modules, but that wasn't the case.

I am successfully able to connect to this same ServiceNow instance using the "uri" module through the proxy without an issue (while using the "validate_certs" option), but would much rather utilize the capabilities already available in the ServiceNow modules (snow_record, snow_record_find, etc.) if possible.  Any help or information that can be provided regarding this issue would be greatly appreciated.

Thanks!

[Ankit Vashistha]

Are you using something like ADFS or you can connect to Servicenow directly using servicenow URL?

Regards,

Ankit

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ab926850-042b-4b51-8637-f29416363f70n%40googlegroups.com.

[Shashikumar V]

Please port 5985 and ansbile_scheme_conntion= http

--

[Steven Klinder]

Hi @Ankit.  I am not using ADFS.  I am successfully able to authenticate to ServiceNow when using the URI module or browsing to it using a browser.

[Steven Klinder]

Port 5985 is related to WinRM.  I'm not sure I understand what you're recommending.  Any additional details you can provide would be greatly appreciated.

[jason rossi]

I thought the same thing I think he is referring to (https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html) 

Not sure how that helps here. 

I am far from an expert on this: 

   But what I usually do is shell to that machine using the "ansible user account" and ensure things are setup to allow that communication to occur.. 

ie setup: 

export {HTTP,HTTPS}_PROXY=http://a:a...@x.x.x.x:3128/

export {http,https}_proxy=http://a:a...@x.x.x.x:3128/

echo "export {HTTP,HTTPS}_PROXY=http://a:a...@x.x.x.x:3128/" > /etc/profile.d/http_proxy.sh

echo "export {http,https}_proxy=http://a:a...@x.x.x.x:3128/" > /etc/profile.d/http_proxy.sh

Then when I get that working in that account context then I retry the playbook. But the python code itself needs to use it.. so its a matter of if the code takes those environmental variables into effect or not. 

There clearly are ansible ways to set above.  Just thought I would chime in becasue I feel your pain.

[Jagadish Raj]

Hi Steven,

I see the same issue when connecting to ServiceNow. By any chance, were you able to fix this issue?

Thanks,

Jagadish

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ab926850-042b-4b51-8637-f29416363f70n%40googlegroups.com.

--

Thanks and Regards
 
Jagadish Raj R | Email: jagadi...@gmail.com