Problem:
When I run the content_credentials collection downloaded from ansible-galaxy I run into this certificate error:
…
-----END PGP PUBLIC KEY BLOCK-----", “content_type”: “gpg_key”, “name”: “RPM-GPG-KEY-google-crome”}, “msg”: “Failed to connect to Foreman server: DocLoadingError: Could not load data from https://foreman.domain.tld: HTTPSConnectionPool(host=‘foreman.domain.tld’, port=443): Max retries exceeded with url: /apidoc/v2.json (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)’)))\n - is your server down?\n - was rake apipie:cache run when using apipie cache? (typical production settings)”}
Expected outcome:
I expect the module to trust the system CAs (including my self-signed freeIPA CA) like, e.g., curl does.
Alternatively, some documentation on how to add trusted CAs. At this link there is a “validate_certs” attribute:
########################
Ruby and Puppet are still in part kind of a mystery to me, so I don’t know what to think of the “apipie rake” business. Could that be relevant?
NOTE
My URLs are edited and could be inconsistent.
Thanks for your answer. Didn’t notice the “s” at the end. Eyes are the first thing you get blind at…
I read the docs for the role but used the module.
However, I would prefer that the system CAs be trusted, and since you state that they should, let’s focus on that.
I run my Ansible playbook on a remote host towards the Foreman server. On the same remote host, the curl command towards the API validates the certificate against the system trusted CAs just fine:
It also works to ask the API for stuff using curl with authentication. Both the Foreman host and the remote host have IPv4 and IPv6 addresses, and the forward and reverse lookups work.
I’ve tried the validate_certs: false attribute and then it works, but as soon as I want verification it fails with this message:
fatal: [localhost]: FAILED! => {“changed”: false, “msg”: “Failed to connect to Foreman server: SSLError: HTTPSConnectionPool(host=‘foreman.domain.tld’, port=443): Max retries exceeded with url: /api/status (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)’)))”}
I got almost the same error against a Foreman 2.5.1 server I’m about to set up (hence the interest in automating the boring stuff):
fatal: [localhost]: FAILED! => {“changed”: false, “msg”: “Failed to connect to Foreman server: DocLoadingError: Could not load data from https://newforeman.domain.tld: HTTPSConnectionPool(host=‘newforeman.domain.tld’, port=443): Max retries exceeded with url: /apidoc/v2.json (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)’)))\n - is your server down?\n - was rake apipie:cache run when using apipie cache? (typical production settings)”}
As I said in my first post, I’m using a self-signed custom freeIPA cert, but it’s trusted by curl. All services are up and running on both the 2.2.3 and 2.5.1 servers according to “foreman-maintain service status -b”.