Hi,

I am trying to create a playbook that looks like this command:

===
curl --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
--cacert /etc/ssl/hashistack/hashistack-ca.pem \
--cert /etc/ssl/hashistack/dc1-server-vault.pem \
--key /etc/ssl/hashistack/dc1-server-vault.key \
https://172.17.0.1:8200/v1/auth/token/renew-self 
===

bash-5.1# ansible --version
ansible [core 2.14.4]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.5 (main, Jul 20 2022, 01:24:16) [GCC 10.3.1 20211027] (/usr/local/bin/python)
  jinja version = 3.1.2
  libyaml = False


This is my playbook:

===
- name: Renew Vault Token
  hosts: localhost
  become: no
  connection: local
  vars:
    ansible_python_interpreter: /usr/local/bin/python3.10
  tasks:
    - name: Vault Token | Renew a token self
      ansible.builtin.uri:
        url: "https://172.17.0.1:8200"
        ca_path: "/etc/ssl/hashistack/hashistack-ca.pem"
        client_cert: "/etc/ssl/hashistack/dc1-server-vault.pem"
        client_key: "/etc/ssl/hashistack/dc1-server-vault.key"
        method: POST
        headers:
          X-Vault-Token: "{{ lookup('ansible.builtin.env', 'VAULT_TOKEN') }}"
        body: |
          {
            "increment": "48h"
          }
        body_format: json
        status_code:
          - 200
===

The playbook runs in an Alpine Docker container with the /etc/ssl/hashistack folder mounted as a volume.

It works with the previous simple curl command. But with Ansible (ansible-playbook -i localhost, playbook.yml -vvvvv):


TASK [Vault Token | Renew a token self] ************************************************************************************************************************
task path: /data/playbook4.yml:8
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774 `" && echo ansible-tmp-1682170225.9506385-907-180721098619774="` echo /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774 `" ) && sleep 0'
Including module_utils file ansible/__init__.py
Including module_utils file ansible/module_utils/__init__.py
Including module_utils file ansible/module_utils/_text.py
Including module_utils file ansible/module_utils/basic.py
Including module_utils file ansible/module_utils/common/_collections_compat.py
Including module_utils file ansible/module_utils/common/__init__.py
Including module_utils file ansible/module_utils/common/_json_compat.py
Including module_utils file ansible/module_utils/common/_utils.py
Including module_utils file ansible/module_utils/common/arg_spec.py
Including module_utils file ansible/module_utils/common/file.py
Including module_utils file ansible/module_utils/common/parameters.py
Including module_utils file ansible/module_utils/common/collections.py
Including module_utils file ansible/module_utils/common/process.py
Including module_utils file ansible/module_utils/common/sys_info.py
Including module_utils file ansible/module_utils/common/text/converters.py
Including module_utils file ansible/module_utils/common/text/__init__.py
Including module_utils file ansible/module_utils/common/text/formatters.py
Including module_utils file ansible/module_utils/common/validation.py
Including module_utils file ansible/module_utils/common/warnings.py
Including module_utils file ansible/module_utils/compat/selectors.py
Including module_utils file ansible/module_utils/compat/__init__.py
Including module_utils file ansible/module_utils/compat/_selectors2.py
Including module_utils file ansible/module_utils/compat/selinux.py
Including module_utils file ansible/module_utils/distro/__init__.py
Including module_utils file ansible/module_utils/distro/_distro.py
Including module_utils file ansible/module_utils/errors.py
Including module_utils file ansible/module_utils/parsing/convert_bool.py
Including module_utils file ansible/module_utils/parsing/__init__.py
Including module_utils file ansible/module_utils/pycompat24.py
Including module_utils file ansible/module_utils/six/__init__.py
Including module_utils file ansible/module_utils/urls.py
Using module file /usr/lib/python3.9/site-packages/ansible/modules/uri.py
<localhost> PUT /root/.ansible/tmp/ansible-local-8698sf4r32t/tmpfy224g4z TO /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/AnsiballZ_uri.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/ /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/AnsiballZ_uri.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/local/bin/python3.10 /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/AnsiballZ_uri.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false,
    "elapsed": 0,
    "invocation": {
        "module_args": {
            "attributes": null,
            "body": "{\n \"increment\": \"48h\"\n}\n",
            "body_format": "json",
            "ca_path": "/etc/ssl/hashistack/hashistack-ca.pem",
            "client_cert": "/etc/ssl/hashistack/dc1-server-vault.pem",
            "client_key": "/etc/ssl/hashistack/dc1-server-vault.key",
            "creates": null,
            "dest": null,
            "follow_redirects": "safe",
            "force": false,
            "force_basic_auth": false,
            "group": null,
            "headers": {
                "Content-Type": "application/json",
                "X-Vault-Token": "xxxx"
            },
            "http_agent": "ansible-httpget",
            "method": "POST",
            "mode": null,
            "owner": null,
            "remote_src": false,
            "removes": null,
            "return_content": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "status_code": [
                200
            ],
            "timeout": 30,
            "unix_socket": null,
            "unsafe_writes": false,
            "url": "https://172.17.0.1:8200",
            "url_password": null,
            "url_username": null,
            "use_gssapi": false,
            "use_proxy": true,
            "validate_certs": true
        }
    },
    "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)>",
    "redirected": false,
    "status": -1,
    "url": "https://172.17.0.1:8200"
}

PLAY RECAP *****************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0



I installed pyopenssl
I tried with validate_certs: no, error 207.

What is the problem?

Thanks
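
Added example, not part of the original post and not Ansible's own code: a standard-library Python reproduction of the curl request that reports whether a failure happens at certificate verification or at the HTTP layer. The function names are hypothetical, the path comes from the curl command, and the JSON body is the one in the playbook (the contents of payload.json are not shown in the post).

```python
import json
import ssl
import urllib.error
import urllib.request

RENEW_PATH = "/v1/auth/token/renew-self"  # path taken from the curl command


def build_request(base_url, token, increment="48h"):
    """POST with the X-Vault-Token header and the JSON body from the playbook."""
    body = json.dumps({"increment": increment}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + RENEW_PATH,
        data=body,
        method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
    )


def build_context(ca_file, cert_file, key_file):
    """Trust only ca_file (curl --cacert) and present a client cert (--cert/--key)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # system CAs are not loaded
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def renew_self(base_url, token, ca_file, cert_file, key_file):
    """Return (stage, detail) so a trust failure is told apart from an HTTP one."""
    req = build_request(base_url, token)
    ctx = build_context(ca_file, cert_file, key_file)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return ("ok", resp.status)
    except urllib.error.HTTPError as exc:  # TLS succeeded, Vault answered non-2xx
        return ("http", exc.code)
    except urllib.error.URLError as exc:
        reason = exc.reason
        if isinstance(reason, ssl.SSLCertVerificationError):
            return ("tls-verify", f"{reason.verify_code}: {reason.verify_message}")
        return ("network", str(reason))


if __name__ == "__main__":
    import os
    print(renew_self(
        "https://172.17.0.1:8200", os.environ["VAULT_TOKEN"],
        "/etc/ssl/hashistack/hashistack-ca.pem",
        "/etc/ssl/hashistack/dc1-server-vault.pem",
        "/etc/ssl/hashistack/dc1-server-vault.key",
    ))
```

Run it with the same interpreter the playbook uses (/usr/local/bin/python3.10) inside the container, so the result reflects the same Python and OpenSSL build as the failing task.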
