ansible
Bug report for Ansible Network Workshop running Private Automation Hub
Problem Summary
Hi Folks! I'm getting the following error message when running Ansible Controller v2.1 Network Workshop using the Private Automation Hub Organization that is trying to pull the collections from the PAHub Lab device:
"stdout": "Starting galaxy collection install process\nProcess install dependency map", "stderr": "[WARNING]: Skipping Galaxy server\nhttps://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/. Got an\nunexpected error when getting available versions of collection servicenow.itsm:\nUnknown error when attempting to call Galaxy at\n'https://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/api':\n<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:\nunable to get local issuer certificate (_ssl.c:1125)>\nERROR! Unknown error when attempting to call Galaxy at 'https://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)>",
This happens when creating a Controller Project which contains the following config:
Last Job Status Failed Name SNOW Organization Red Hat network organization Source Control Type Git Source Control Revision Sync for revision Source Control URL https://gitlab.com/mlowcher/servicenow Cache Timeout 0 Seconds Project Base Path /var/lib/awx/projects Playbook Directory _21__snow Created 7/19/2022, 11:19:23 AM by admin Last Modified 7/19/2022, 11:19:23 AM by admin Enabled Options Discard local changes before syncing Delete the project before syncing
According to the documentation, this is a Cert issue reported in this case (https://access.redhat.com/solutions/5648281); however, none of the solutions recommended here works for the lab. The galaxy documentation recommends adding "--ignore-certs" which Controller does not offers at Projects, Templates, nor ansible.cfg file config to set on this value. Renaming "pulp_webserver.*" Certs didn't fix the issue since Nginx requires the ".crt" file to run.
I was told that AAP v2.2 would fix that issue if this is the case. Feel free to close this case; I'll wait for v2.2 workshops. Thanks, Roberto
Issue Type
Bug
Extra vars file
none
Ansible Playbook Output
{ "changed": false, "stdout": "Starting galaxy collection install process\nProcess install dependency map", "stderr": "[WARNING]: Skipping Galaxy server\nhttps://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/. Got an\nunexpected error when getting available versions of collection servicenow.itsm:\nUnknown error when attempting to call Galaxy at\n'https://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/api':\n<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:\nunable to get local issuer certificate (_ssl.c:1125)>\nERROR! Unknown error when attempting to call Galaxy at 'https://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)>", "rc": 1, "cmd": [ "ansible-galaxy", "collection", "install", "-r", "/var/lib/awx/projects/_21__snow/collections/requirements.yml", "--collections-path", "/var/lib/awx/projects/.__awx_cache/_21__snow/stage/requirements_collections" ], "start": "2022-07-19 18:19:30.990141", "end": "2022-07-19 18:19:31.614639", "delta": "0:00:00.624498", "msg": "non-zero return code", "invocation": { "module_args": { "chdir": "/var/lib/awx/projects/_21__snow", "_raw_params": "ansible-galaxy collection install -r /var/lib/awx/projects/_21__snow/collections/requirements.yml --collections-path /var/lib/awx/projects/.__awx_cache/_21__snow/stage/requirements_collections \n", "_uses_shell": false, "warn": false, "stdin_add_newline": true, "strip_empty_ends": true, "argv": null, "executable": null, "creates": null, "removes": null, "stdin": null } }, "stdout_lines": [ "Starting galaxy collection install process", "Process install dependency map" ], "stderr_lines": [ "[WARNING]: Skipping Galaxy server", "https://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/. Got an", "unexpected error when getting available versions of collection servicenow.itsm:", "Unknown error when attempting to call Galaxy at", "'https://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/api':", "<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:", "unable to get local issuer certificate (_ssl.c:1125)>", "ERROR! Unknown error when attempting to call Galaxy at 'https://hub.0608.example.opentlc.com/api/galaxy/content/rh-certified/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)>" ], "_ansible_no_log": false, "item": "/var/lib/awx/projects/_21__snow/collections/requirements.yml", "ansible_loop_var": "item", "_ansible_item_label": "/var/lib/awx/projects/_21__snow/collections/requirements.yml" }
Ansible Version
Ansible Automation Platform Controller 4.1.2
Ansible Configuration
$ ansible-config dump --only-changed ACTION_WARNINGS(/etc/ansible/ansible.cfg) = False COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH(/etc/ansible/ansible.cfg) = ignore DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = ['/home/student/lab_inventory/hosts'] DEFAULT_STDOUT_CALLBACK(/etc/ansible/ansible.cfg) = yaml DEFAULT_TIMEOUT(/etc/ansible/ansible.cfg) = 60 DEPRECATION_WARNINGS(/etc/ansible/ansible.cfg) = False DEVEL_WARNING(/etc/ansible/ansible.cfg) = False HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False INTERPRETER_PYTHON(/etc/ansible/ansible.cfg) = auto_silent PERSISTENT_COMMAND_TIMEOUT(/etc/ansible/ansible.cfg) = 200 PERSISTENT_CONNECT_TIMEOUT(/etc/ansible/ansible.cfg) = 200 RETRY_FILES_ENABLED(/etc/ansible/ansible.cfg) = False SYSTEM_WARNINGS(/etc/ansible/ansible.cfg) = False
Ansible Execution Node
Ansible Controller (previously known as Ansible Tower)
Operating System
/etc/redhat-release :::::::::::::: Red Hat Enterprise Linux release 8.6 (Ootpa)
