
api_ca does not default to system cert bundle

Open nlvw opened this issue 1 year ago • 9 comments

What is the issue ?

When using ARA 1.6.0 with an HTTPS API server, the callback plugin will fail due to a certificate error. It seems like it is not checking the default cert bundle on the system (Fedora 37 in my case), as the following fixes the error:

[ara]
api_client = http
api_server = https://ara.example.com
api_ca = /etc/pki/tls/cert.pem

Without api_ca the connection fails with:

[WARNING]: Failure using method (v2_playbook_on_start) in callback plugin
(<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f4b47a812d0>):
HTTPSConnectionPool(host='ara.nmsu.edu', port=443): Max retries exceeded with url:
/api/v1/playbooks (Caused by SSLError(SSLCertVerificationError(1, '[SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer
certificate (_ssl.c:992)')))

PLAY [Test Ansible Connection] ************************************************************
[WARNING]: Failure using method (v2_playbook_on_play_start) in callback plugin
(<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f4b47a812d0>):
'NoneType' object is not subscriptable

TASK [connection test] ********************************************************************
[WARNING]: Failure using method (v2_playbook_on_task_start) in callback plugin
(<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f4b47a812d0>):
'NoneType' object is not subscriptable
ok: [hpc-wiki-p]

TASK [stop ssh client persistant connection] **********************************************

PLAY RECAP ********************************************************************************
hpc-wiki-p                 : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[WARNING]: Failure using method (v2_playbook_on_stats) in callback plugin
(<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f4b47a812d0>):
'NoneType' object is not subscriptable

What should be happening ?

The default CA bundle trusted by the system should be used by default when api_ca is not specified.

Software Versions

Ansible = 7.1.0 (Core = 2.14)
OS = Fedora 37
Python = 3.11
ARA = 1.6.0
Install Source = pip

nlvw, Dec 08 '22 23:12
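
The fallback order this report asks for, sketched with the Python standard library as an added example (not ARA's code): an explicit `api_ca` wins, then the usual environment overrides, then the system bundle, and verification is never switched off. `resolve_ca_bundle`, `build_context` and `SYSTEM_BUNDLES` are hypothetical names, and the two non-Fedora paths are assumptions.

```python
import os
import ssl

# The Fedora path is the one from the report; the other two are assumed
# locations for Debian/Ubuntu and Alpine/BSD systems.
SYSTEM_BUNDLES = (
    "/etc/pki/tls/cert.pem",
    "/etc/ssl/certs/ca-certificates.crt",
    "/etc/ssl/cert.pem",
)


def resolve_ca_bundle(api_ca=None, environ=None, candidates=SYSTEM_BUNDLES):
    """Pick the CA bundle to verify against; None means none was found."""
    environ = os.environ if environ is None else environ
    if api_ca:
        # An explicit setting wins. A wrong path is an error, not a reason
        # to fall back silently to some other trust store.
        if not os.path.isfile(api_ca):
            raise FileNotFoundError(f"api_ca does not exist: {api_ca}")
        return api_ca
    # REQUESTS_CA_BUNDLE is read by requests, SSL_CERT_FILE by OpenSSL.
    for var in ("REQUESTS_CA_BUNDLE", "SSL_CERT_FILE"):
        path = environ.get(var)
        if path and os.path.isfile(path):
            return path
    # OpenSSL's compiled-in default; cafile is None when that file is absent.
    default = ssl.get_default_verify_paths().cafile
    if default:
        return default
    for path in candidates:
        if os.path.isfile(path):
            return path
    return None


def build_context(api_ca=None):
    """TLS client context that always verifies the chain and the hostname."""
    bundle = resolve_ca_bundle(api_ca)
    # With bundle=None, create_default_context() loads the system defaults.
    ctx = ssl.create_default_context(cafile=bundle)
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


if __name__ == "__main__":
    print("CA bundle:", resolve_ca_bundle() or "(system default store)")
```
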