Description
Hi,
First of all, thank you for the excellent work on this module.
I am encountering an issue when authenticating to DVLS within an Ansible task. Below are the details of the problem:
Environment
I installed the ansible-dvls module using ansible-galaxy:
ansible-galaxy collection list
Collection       Version
---------------- -------
community.crypto 2.26.0
devolutions.dvls 1.2.1
Playbook
I created the following playbook based on your documentation:
---
- name: Fetch secret from dvls
  hosts: localhost
  gather_facts: false
  vars_files:
    - dvls.yml
    - secrets.yml
  tasks:
    - name: Fetch secrets
      delegate_to: localhost
      block:
        - name: Fetch secrets
          register: secrets
          devolutions.dvls.fetch_secrets:
            server_base_url: "{{ dvls_url_test }}"
            app_key: "{{ dvls_appkey_test }}"
            app_secret: "{{ dvls_appsecret_test }}"
            vault_id: "{{ dvls_vaultid_test }}"
            secrets: "{{ secrets }}"
        - name: Dump secrets
          debug:
            msg: "{{ secrets }}"
Error Message
However, I am receiving the following error:
PLAY [Fetch secret from dvls] ************************************************************************************************************************************************************
TASK [Fetch secrets] *********************************************************************************************************************************************************************
task path: /home/denuxadmin/ansible_source/ansible-projets/dvls/fetch_secret.yml:12
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to login: Unable to reach the server. Verify your network connection and server URL: HTTPSConnectionPool(host='devolupass-test.adtest.dev', port=443): Max retries exceeded with url: /api/v1/login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
"}
Diagnostics
1. Certificate Chain:
The CA chain is correctly installed on my server, as confirmed by the following curl command:
curl -v https://devolupass-test.adtest.dev
The output shows that the certificate is valid and verified:
* Connected to devolupass-test.adtest.dev (10.194.122.12) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=dvls-test.adtest.dev
* start date: Aug 29 08:11:52 2024 GMT
* expire date: Aug 29 08:11:52 2026 GMT
* subjectAltName: host "devolupass-test.adtest.dev" matched cert's "devolupass-test.adtest.dev"
* issuer: DC=net; DC=mipih; CN=mipih-CAS5-CA
* SSL certificate verify ok.
* using HTTP/1.x
> GET / HTTP/1.1
> Host: devolupass-test.adtest.dev
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 200 OK
2. Environment Variables:
I have also tried setting the following environment variables without success:
- SSL_CERT_FILE
- REQUESTS_CA_BUNDLE
Question
Is there anything I may have missed in the configuration or playbook? Any guidance or suggestions on how to resolve this SSL certificate verification issue would be greatly appreciated.
Thank you for your time and assistance.
Best regards,
Nicolas
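
Added example, not part of the original post and not the collection's own code: a small check of whether a requests-based client would consult the same CA file that curl reported in the output above. It assumes the module makes its HTTPS calls through requests (the `HTTPSConnectionPool` error text is urllib3's); the function names and the certifi path used in testing are constructed for illustration.

```python
import os
import re

# Assumption: the module talks HTTPS through requests (error text is urllib3's).
try:
    import certifi  # trust store that requests falls back to
    CERTIFI_BUNDLE = certifi.where()
except ImportError:
    CERTIFI_BUNDLE = None

# Two lines taken from the curl -v output in the post.
CURL_OUTPUT = """\
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
"""

def curl_trust_store(verbose_output):
    """Return the CAfile and CApath that curl reported."""
    found = {}
    for key in ("CAfile", "CApath"):
        m = re.search(rf"^\*\s+{key}:\s*(\S+)", verbose_output, re.MULTILINE)
        found[key] = m.group(1) if m else None
    return found

def requests_ca_bundle(env, certifi_bundle=CERTIFI_BUNDLE):
    """Bundle requests uses with verify=True and trust_env=True.
    It reads REQUESTS_CA_BUNDLE, then CURL_CA_BUNDLE, never SSL_CERT_FILE."""
    return env.get("REQUESTS_CA_BUNDLE") or env.get("CURL_CA_BUNDLE") or certifi_bundle

def compare(verbose_output, env, certifi_bundle=CERTIFI_BUNDLE):
    """Return (bundle requests would use, list of findings)."""
    cafile = curl_trust_store(verbose_output)["CAfile"]
    bundle = requests_ca_bundle(env, certifi_bundle)
    findings = []
    if cafile and bundle and os.path.realpath(cafile) != os.path.realpath(bundle):
        findings.append(f"curl trusts {cafile}, requests would trust {bundle}")
    if env.get("SSL_CERT_FILE") and bundle == certifi_bundle:
        findings.append("SSL_CERT_FILE is set but requests does not read it")
    for name in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE", "SSL_CERT_FILE"):
        if env.get(name) and not os.path.isfile(env[name]):
            findings.append(f"{name} points to a missing file: {env[name]}")
    return bundle, findings

if __name__ == "__main__":
    bundle, findings = compare(CURL_OUTPUT, os.environ)
    print("requests bundle:", bundle)
    print("\n".join(findings) or "no mismatch found")
```

Run it with the same Python interpreter and environment that Ansible uses for the task, since a virtualenv carries its own certifi bundle and the variables must be visible to the module's process.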