community.vmware.vmware_tag_manager not respecting validate_certs
SUMMARY
community.vmware.vmware_tag_manager not respecting validate_certs
ISSUE TYPE
- Bug Report
COMPONENT NAME
vmware_tag_manager
ANSIBLE VERSION
ansible [core 2.17.3]
  config file = None
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.12/site-packages/ansible
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.12.5 (main, Aug 7 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
# /usr/share/ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 4.5.0
CONFIGURATION
ANSIBLE_PIPELINING(/runner/project/ansible.cfg) = True
COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH(/runner/project/ansible.cfg) = error
COLLECTIONS_PATHS(/runner/project/ansible.cfg) = ['/runner/project']
COLLECTIONS_SCAN_SYS_PATH(/runner/project/ansible.cfg) = True
COLOR_DEBUG(/runner/project/ansible.cfg) = bright gray
COLOR_VERBOSE(/runner/project/ansible.cfg) = bright gray
CONFIG_FILE() = /runner/project/ansible.cfg
DEFAULT_BECOME(/runner/project/ansible.cfg) = True
DEFAULT_GATHERING(/runner/project/ansible.cfg) = smart
DEFAULT_HOST_LIST(/runner/project/ansible.cfg) = ['/runner/project/inventory']
DEFAULT_LOAD_CALLBACK_PLUGINS(/runner/project/ansible.cfg) = True
DEFAULT_MANAGED_STR(/runner/project/ansible.cfg) = Ansible managed: {file} DO NOT EDIT THIS FILE!
DEFAULT_ROLES_PATH(/runner/project/ansible.cfg) = ['/runner/project/roles']
DIFF_ALWAYS(/runner/project/ansible.cfg) = True
INTERPRETER_PYTHON(/runner/project/ansible.cfg) = auto_silent
RETRY_FILES_ENABLED(/runner/project/ansible.cfg) = False
OS / ENVIRONMENT
AWX on newest version
STEPS TO REPRODUCE
- name: Add backup tags
  community.vmware.vmware_tag_manager:
    hostname: "{{ target_vcenter.hostname }}"
    username: "{{ vcenter_deploy_username }}"
    password: "{{ vcenter_deploy_password }}"
    validate_certs: no
    tag_names: "{{ backup_tags }}"
    object_name: "{{ vm_name }}.{{ vm_domain }}"
    object_type: VirtualMachine
    state: present
  delegate_to: localhost
EXPECTED RESULTS
It should not give certificate errors :)
ACTUAL RESULTS
Failed to connect to vCenter or ESXi API at SERVER_ADDRESS:443 due to SSL verification failure : HTTPSConnectionPool(host='SERVER_ADDRESS', port=443): Max retries exceeded with url: /api (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))
As a side note, these tasks here all work perfectly fine, so it's really just for that specific module apparently; I copied them from various playbooks where we interact with VMware:
- name: Create a virtual machine from Template and customize if not exists
  community.vmware.vmware_guest:
    hostname: "{{ target_vcenter.hostname }}"
    username: "{{ vcenter_deploy_username }}"
    password: "{{ vcenter_deploy_password }}"
    validate_certs: no
    folder: "{{ vm_folder }}"
    name: "{{ vm_name }}.{{ vm_domain }}"
    state: poweredon
    template: "{{ vm_template }}"
    datacenter: "{{ target_vcenter.datacenter }}"
    datastore: "{{ target_vcenter.datastore | default(omit) }}"
    cluster: "{{ target_vcenter.cluster }}"
    disk: "{{ vm_disks }}"
    hardware:
      memory_mb: "{{ vm_memory * 1024 }}"
      memory_reservation_lock: false
      mem_reservation: 0
      num_cpus: "{{ vm_cpu }}"
      num_cpu_cores_per_socket: "{{ vm_cpu }}"
      boot_firmware: "{{ vm_firmware }}"
    networks: "{{ vm_networks }}"
    wait_for_ip_address: true
    customization:
      hostname: "{{ vm_name }}"
      dns_servers: "{{ vm_dns_servers }}"
      dns_suffix:
        - "{{ vm_domain }}"
  register: vm_creation_result
- name: Shutdown VM
  community.vmware.vmware_guest:
    hostname: "{{ target_vcenter.hostname }}"
    username: "{{ vcenter_deploy_username }}"
    password: "{{ vcenter_deploy_password }}"
    validate_certs: no
    folder: "{{ vm_folder }}"
    name: "{{ vm_name }}.{{ vm_domain }}"
    state: shutdownguest
- name: Remove additional cdrom
  community.vmware.vmware_guest:
    hostname: "{{ target_vcenter.hostname }}"
    username: "{{ vcenter_deploy_username }}"
    password: "{{ vcenter_deploy_password }}"
    validate_certs: no
    folder: "{{ vm_folder }}"
    name: "{{ vm_name }}.{{ vm_domain }}"
    cdrom:
      - controller_number: 0
        unit_number: 1
        state: absent
- name: Start VM
  community.vmware.vmware_guest:
    hostname: "{{ target_vcenter.hostname }}"
    username: "{{ vcenter_deploy_username }}"
    password: "{{ vcenter_deploy_password }}"
    validate_certs: no
    folder: "{{ vm_folder }}"
    name: "{{ vm_name }}.{{ vm_domain }}"
    state: poweredon
    wait_for_ip_address: true
I did try it with "false" or "False" instead of "no" as well in the validate_certs line.
I'll close it because this looks like a duplicate of #1255.
@Aureliolo Feel free to open it again if you think it isn't and I've been wrong in closing it. If you think I'm right, maybe you should follow #1255 and maybe even add any additional information that you think is missing there.