Foreman inventory certificate verify failed

Rob B

Jan 11, 2022, 10:29:41 AM
to AWX Project
Hi,

I'm trying out AWX 19.5.0 with a view to migrating from 17.1.0, but I've hit an issue syncing our Foreman as an inventory source.
With v17.1.0, the inventory sync shows a warning about unverified HTTPS request but is able to continue to sync.
v19.5.0 though shows a certificate warning but fails (sync job output below).

ansible-inventory [core 2.11.7.post0]
  config file = None
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections:/usr/share/automation-controller/collections
  executable location = /usr/local/bin/ansible-inventory
  python version = 3.8.8 (default, Aug 25 2021, 16:13:02) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True
No config file found; using defaults
[WARNING]:  * Failed to parse /runner/inventory/foreman.yml with auto plugin:
HTTPSConnectionPool(host='ukwdr-foreman1.iongroup.net', port=443): Max retries
exceeded with url: /api/v2/status?page=1&per_page=250 (Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: self signed certificate in certificate chain
(_ssl.c:1125)')))
  File "/usr/local/lib/python3.8/site-packages/ansible/inventory/manager.py", line 290, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/lib/python3.8/site-packages/ansible/plugins/inventory/auto.py", line 58, in parse
    plugin.parse(inventory, loader, path, cache=cache)
  File "/usr/share/ansible/collections/ansible_collections/theforeman/foreman/plugins/inventory/foreman.py", line 650, in parse
    self._populate()
  File "/usr/share/ansible/collections/ansible_collections/theforeman/foreman/plugins/inventory/foreman.py", line 403, in _populate
    if self._use_inventory_report():
  File "/usr/share/ansible/collections/ansible_collections/theforeman/foreman/plugins/inventory/foreman.py", line 366, in _use_inventory_report
    result = self._get_json(status_url)
  File "/usr/share/ansible/collections/ansible_collections/theforeman/foreman/plugins/inventory/foreman.py", line 243, in _get_json
    ret = s.get(url, params=params, verify=self.get_option('validate_certs'))
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 668, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 668, in <listcomp>
    history = [resp for resp in gen] if allow_redirects else []
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 239, in resolve_redirects
    resp = self.send(
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
[WARNING]: Unable to parse /runner/inventory/foreman.yml as an inventory source
ERROR! No inventory was parsed, please check your configuration and options.


How can I set 'validate_certs: False', or better still, include the correct certs?

As a test I have logged on to the 'ee' container, created a foreman.yml config file including 'validate_certs: False' and was able to run ansible-inventory successfully.
But it's not obvious how I can set this to work via the AWX GUI?

Let me know if you need any more info and thanks in advance for any help.

Rob

Rob B

Jan 14, 2022, 11:46:50 AM
to AWX Project
In case anyone else gets stuck with this - using the 'AWX EE 0.5.0' Execution Environment for the inventory source allows the sync to complete with the ssl warnings.
I'll try building a custom EE including the required certs.

Seth Foster

Jan 19, 2022, 3:59:00 PM
to AWX Project
Hi,

This appears to not be supported yet through the UI -- please open an AWX feature issue describing this particular issue. Thanks!

Seth

kde...@redhat.com

Jan 21, 2022, 1:05:32 PM
to AWX Project
Looks like you can set `validate_certs: False` in the source vars of the inventory source itself
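
An added example, not part of the thread or of AWX: because the reply above turns verification off in the inventory source's source vars, this Python sketch flags source-vars text where `validate_certs` is disabled, so those sources can be tracked until the CA is trusted in the execution environment. The source names and vars are constructed samples, and the false-value spellings follow Ansible's boolean conversion.

```python
import json
import re

# Strings Ansible's boolean conversion treats as false (case-insensitive).
ANSIBLE_FALSE = {"n", "no", "off", "0", "false", "f"}

# Top-level "validate_certs: <value>" line in YAML source vars.
YAML_LINE = re.compile(r"^validate_certs[ \t]*:[ \t]*(?P<val>[^#\n]*?)[ \t]*(?:#.*)?$", re.M)


def is_false(value):
    """True if a parsed or raw scalar switches verification off."""
    if isinstance(value, bool):
        return value is False
    if isinstance(value, (int, float)):
        return value == 0
    return str(value).strip().strip("'\"").lower() in ANSIBLE_FALSE


def tls_verification_disabled(source_vars):
    """Return True when the source vars text turns validate_certs off."""
    text = source_vars.strip()
    if text.startswith("{"):  # source vars may be given as JSON
        try:
            data = json.loads(text)
        except ValueError:
            data = None
        if isinstance(data, dict):
            return "validate_certs" in data and is_false(data["validate_certs"])
    match = YAML_LINE.search(source_vars)
    return bool(match) and is_false(match.group("val"))


# Constructed samples: hypothetical inventory source name -> source vars text.
SAMPLES = {
    "foreman-prod": "---\nvalidate_certs: False\nwant_facts: true\n",
    "foreman-lab": '{"validate_certs": false}',
    "foreman-dr": "---\nvalidate_certs: yes  # CA baked into the EE\n",
    "foreman-dev": "---\nwant_facts: true\n",
}


def audit(samples):
    """Names of inventory sources that sync without certificate checks."""
    return sorted(n for n, sv in samples.items() if tls_verification_disabled(sv))


if __name__ == "__main__":
    print(audit(SAMPLES))
```
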