awx-operator icon indicating copy to clipboard operation
awx-operator copied to clipboard

Published 20 hours ago • verified publisher icon ansible

Unable to sync Projects to GitHub - SSL Error

Open GiuffreLab opened this issue 2 years ago • 8 comments

ISSUE TYPE
  • Bug Report
SUMMARY
ENVIRONMENT
  • AWX version: 20.0.1
  • Operator version: 0.19.0
  • Kubernetes version: k3s v1.22.7+k3s1
  • AWX install method: https://github.com/GiuffreLab/awx-operator.git on an Ubuntu VM.
STEPS TO REPRODUCE

Either with the Demo Project or a previously known working setup of a source control for GitHub via PAT, all GitHub syncs fail with an SSL error.

EXPECTED RESULTS

project would sync to Github repo with current project

ACTUAL RESULTS

{ "cmd": "/usr/bin/git ls-remote https://github.com/ansible/ansible-tower-samples -h refs/heads/HEAD", "rc": 128, "stdout": "", "stderr": "fatal: unable to access 'https://github.com/ansible/ansible-tower-samples/': SSL certificate problem: unable to get local issuer certificate\n", "msg": "fatal: unable to access 'https://github.com/ansible/ansible-tower-samples/': SSL certificate problem: unable to get local issuer certificate", "invocation": { "module_args": { "dest": "/var/lib/awx/projects/_6__demo_project", "repo": "https://github.com/ansible/ansible-tower-samples", "version": "HEAD", "force": false, "track_submodules": false, "remote": "origin", "clone": true, "update": true, "verify_commit": false, "gpg_whitelist": [], "accept_hostkey": false, "accept_newhostkey": false, "bare": false, "recursive": true, "single_branch": false, "refspec": null, "reference": null, "depth": null, "key_file": null, "ssh_opts": null, "executable": null, "umask": null, "archive": null, "archive_prefix": null, "separate_git_dir": null } }, "stdout_lines": [], "stderr_lines": [ "fatal: unable to access 'https://github.com/ansible/ansible-tower-samples/': SSL certificate problem: unable to get local issuer certificate" ], "_ansible_no_log": false, "changed": false }

GiuffreLab avatar Mar 29 '22 22:03 GiuffreLab

So far we haven't heard about others experiencing this issue. You may open a discussion on https://groups.google.com/g/awx-project

fosterseth avatar Apr 01 '22 17:04 fosterseth

We are receiving the same issue, so we have changed to clone the repo with SSH instead of HTTPS.

But we are using custom domain with a public ssl certificate, like company.gitlab.com

prinzpi avatar Apr 04 '22 07:04 prinzpi

20.1.0 seems to have fixed this issue.

GiuffreLab avatar Apr 17 '22 14:04 GiuffreLab

I am also getting unable to get local issuer certificate.

I installed awx on minikube following the official documentation :https://github.com/ansible/awx-operator

I have created the bundle certificate following the documentation, I added it to my awx.yaml (kind: awx) under "spec".

I made sure the secret was generetaed inside the awx namespace.

kubectl create secret generic -custom-certs
--from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>

*** Take note here, it says The certificate should be PEM type, ***

One thing I don’t get tho, I created the secret from the “bundle-ca.crt” located on my gitlab server, however the documentation states that the file should be .PEM Why should I need a PEM if I already have the bundle-ca.crt available ???

Even after adding the certificate, I am still unable to synchronize my git project.

My GitLab server is on the local network, however I am not willing to disable ssl check. I would like to fix this the clean way

AntMCE avatar Oct 15 '22 18:10 AntMCE

Is there an update on this?

I have the identical problems with a freshly set up AWX 22.1.0 from AWX Operator 2.0.1

ghost avatar May 02 '23 12:05 ghost

Same here. I am running into issue on AWX K3S running on Ubuntu server. I have followed https://github.com/ansible/awx-operator/issues/849#issuecomment-1279799319 as well and am confused between .crt and .pem from the document.

kaziislam avatar Dec 20 '23 02:12 kaziislam

I am also getting unable to get local issuer certificate.

I installed awx on minikube following the official documentation :https://github.com/ansible/awx-operator

I have created the bundle certificate following the documentation, I added it to my awx.yaml (kind: awx) under "spec".

I made sure the secret was generetaed inside the awx namespace.

kubectl create secret generic -custom-certs --from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>

*** Take note here, it says The certificate should be PEM type, ***

One thing I don’t get tho, I created the secret from the “bundle-ca.crt” located on my gitlab server, however the documentation states that the file should be .PEM Why should I need a PEM if I already have the bundle-ca.crt available ???

Even after adding the certificate, I am still unable to synchronize my git project.

My GitLab server is on the local network, however I am not willing to disable ssl check. I would like to fix this the clean way

I am confused here as well between .crt and .pem comment.

kaziislam avatar Dec 20 '23 02:12 kaziislam

Workaround: add on Settings - Jobs - EXTRA ENVIRONMENT Variable - GIT_SSL_NO_VERIFY to true

Sergiodcm00 avatar Feb 15 '24 21:02 Sergiodcm00