Can you post the output of:

echo foo | openssl s_client -showcerts -servername 172.17.0.1 -connect 172.17.0.1:8200



On Sat, 22 Apr 2023 at 15:33, Frédéric GAUTHIER BESNARD <
[email protected]> wrote:

> Hi,
>
> I am trying to create a playbook equivalent to this command:
>
> ===
> curl --header "X-Vault-Token: $VAULT_TOKEN" \
> --request POST \
> --data @payload.json \
> --cacert /etc/ssl/hashistack/hashistack-ca.pem \
> --cert /etc/ssl/hashistack/dc1-server-vault.pem \
> --key /etc/ssl/hashistack/dc1-server-vault.key \
> https://172.17.0.1:8200/v1/auth/token/renew-self
> ===
>
> bash-5.1# ansible --version
> ansible [core 2.14.4]
> config file = None
> configured module search path = ['/root/.ansible/plugins/modules',
> '/usr/share/ansible/plugins/modules']
> ansible python module location =
> /usr/local/lib/python3.10/site-packages/ansible
> ansible collection location =
> /root/.ansible/collections:/usr/share/ansible/collections
> executable location = /usr/local/bin/ansible
> python version = 3.10.5 (main, Jul 20 2022, 01:24:16) [GCC 10.3.1
> 20211027] (/usr/local/bin/python)
> jinja version = 3.1.2
> libyaml = False
>
>
> This is my playbook:
>
> ===
> - name: Renew Vault Token
>   hosts: localhost
>   become: no
>   connection: local
>   vars:
>     ansible_python_interpreter: /usr/local/bin/python3.10
>   tasks:
>     - name: Vault Token | Renew a token self
>       ansible.builtin.uri:
>         url: "https://172.17.0.1:8200"
>         ca_path: "/etc/ssl/hashistack/hashistack-ca.pem"
>         client_cert: "/etc/ssl/hashistack/dc1-server-vault.pem"
>         client_key: "/etc/ssl/hashistack/dc1-server-vault.key"
>         method: POST
>         headers:
>           X-Vault-Token: "{{ lookup('ansible.builtin.env', 'VAULT_TOKEN') }}"
>         body: |
>           {
>             "increment": "48h"
>           }
>         body_format: json
>         status_code:
>           - 200
> ===
>
> The playbook runs in an Alpine Docker container with the
> /etc/ssl/hashistack folder mounted as a volume.
>
> It works with the previous simple curl command, but with Ansible
> (ansible-playbook -i localhost, playbook.yml -vvvvv):
>
>
> TASK [Vault Token | Renew a token self]
> ************************************************************************************************************************
> task path: /data/playbook4.yml:8
> <localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
> <localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
> <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo
> /root/.ansible/tmp `"&& mkdir "` echo
> /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774 `" &&
> echo ansible-tmp-1682170225.9506385-907-180721098619774="` echo
> /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774 `" )
> && sleep 0'
> Including module_utils file ansible/__init__.py
> Including module_utils file ansible/module_utils/__init__.py
> Including module_utils file ansible/module_utils/_text.py
> Including module_utils file ansible/module_utils/basic.py
> Including module_utils file
> ansible/module_utils/common/_collections_compat.py
> Including module_utils file ansible/module_utils/common/__init__.py
> Including module_utils file ansible/module_utils/common/_json_compat.py
> Including module_utils file ansible/module_utils/common/_utils.py
> Including module_utils file ansible/module_utils/common/arg_spec.py
> Including module_utils file ansible/module_utils/common/file.py
> Including module_utils file ansible/module_utils/common/parameters.py
> Including module_utils file ansible/module_utils/common/collections.py
> Including module_utils file ansible/module_utils/common/process.py
> Including module_utils file ansible/module_utils/common/sys_info.py
> Including module_utils file ansible/module_utils/common/text/converters.py
> Including module_utils file ansible/module_utils/common/text/__init__.py
> Including module_utils file ansible/module_utils/common/text/formatters.py
> Including module_utils file ansible/module_utils/common/validation.py
> Including module_utils file ansible/module_utils/common/warnings.py
> Including module_utils file ansible/module_utils/compat/selectors.py
> Including module_utils file ansible/module_utils/compat/__init__.py
> Including module_utils file ansible/module_utils/compat/_selectors2.py
> Including module_utils file ansible/module_utils/compat/selinux.py
> Including module_utils file ansible/module_utils/distro/__init__.py
> Including module_utils file ansible/module_utils/distro/_distro.py
> Including module_utils file ansible/module_utils/errors.py
> Including module_utils file ansible/module_utils/parsing/convert_bool.py
> Including module_utils file ansible/module_utils/parsing/__init__.py
> Including module_utils file ansible/module_utils/pycompat24.py
> Including module_utils file ansible/module_utils/six/__init__.py
> Including module_utils file ansible/module_utils/urls.py
> Using module file /usr/lib/python3.9/site-packages/ansible/modules/uri.py
> <localhost> PUT /root/.ansible/tmp/ansible-local-8698sf4r32t/tmpfy224g4z
> TO
> /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/AnsiballZ_uri.py
> <localhost> EXEC /bin/sh -c 'chmod u+x
> /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/
> /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/AnsiballZ_uri.py
> && sleep 0'
> <localhost> EXEC /bin/sh -c '/usr/local/bin/python3.10
> /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/AnsiballZ_uri.py
> && sleep 0'
> <localhost> EXEC /bin/sh -c 'rm -f -r
> /root/.ansible/tmp/ansible-tmp-1682170225.9506385-907-180721098619774/ >
> /dev/null 2>&1 && sleep 0'
> fatal: [localhost]: FAILED! => {
> "changed": false,
> "elapsed": 0,
> "invocation": {
> "module_args": {
> "attributes": null,
> "body": "{\n \"increment\": \"48h\"\n}\n",
> "body_format": "json",
> "ca_path": "/etc/ssl/hashistack/hashistack-ca.pem",
> "client_cert": "/etc/ssl/hashistack/dc1-server-vault.pem",
> "client_key": "/etc/ssl/hashistack/dc1-server-vault.key",
> "creates": null,
> "dest": null,
> "follow_redirects": "safe",
> "force": false,
> "force_basic_auth": false,
> "group": null,
> "headers": {
> "Content-Type": "application/json",
> "X-Vault-Token": "xxxx"
> },
> "http_agent": "ansible-httpget",
> "method": "POST",
> "mode": null,
> "owner": null,
> "remote_src": false,
> "removes": null,
> "return_content": false,
> "selevel": null,
> "serole": null,
> "setype": null,
> "seuser": null,
> "src": null,
> "status_code": [
> 200
> ],
> "timeout": 30,
> "unix_socket": null,
> "unsafe_writes": false,
> "url": "https://172.17.0.1:8200",
> "url_password": null,
> "url_username": null,
> "use_gssapi": false,
> "use_proxy": true,
> "validate_certs": true
> }
> },
> "msg": "Status code was -1 and not [200]: Request failed: <urlopen error
> [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get
> local issuer certificate (_ssl.c:997)>",
> "redirected": false,
> "status": -1,
> "url": "https://172.17.0.1:8200"
> }
>
> PLAY RECAP
> *****************************************************************************************************************************************************
> localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0
> ignored=0
>
>
>
> I installed pyopenssl
> I tried with validate_certs: no, error 207.
>
> What is the problem?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c25e536c-aae3-4bc3-a4a4-87116202d95en%40googlegroups.com
>
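
As an added example (not part of the original thread): a small Python triage helper that reads the "Certificate chain" section of the `openssl s_client -showcerts` output requested above and lists issuers that are neither sent by the server nor present in the CA file given to `ca_path`, which is the situation "unable to get local issuer certificate" reports. The sample output and all certificate names are constructed, the CA file's subject names are assumed to be supplied by the caller, and the comparison is by name only, not by signature.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output
# (certificate names invented, PEM body elided).
SAMPLE_OUTPUT = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = example-vault-server
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
(constructed, body elided)
-----END CERTIFICATE-----
---
Server certificate
subject=CN = example-vault-server
issuer=CN = Example Intermediate CA
---
"""

SUBJECT_RE = re.compile(r"^\s*(\d+) s:(.*)$")
ISSUER_RE = re.compile(r"^\s+i:(.*)$")


def parse_chain(output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_chain, subject = [], False, None
    for line in output.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "---":
            break  # end of the chain section
        elif in_chain:
            m = SUBJECT_RE.match(line)
            if m:
                subject = m.group(2).strip()
                continue
            m = ISSUER_RE.match(line)
            if m and subject is not None:
                chain.append((subject, m.group(1).strip()))
                subject = None
    return chain


def missing_issuers(chain, trusted_subjects):
    """Issuers found neither in the CA file nor further up the sent chain."""
    sent, trusted = {s for s, _ in chain}, set(trusted_subjects)
    # A self-signed certificate sent by the server still has to be trusted.
    return [i for s, i in chain
            if i not in trusted and not (i != s and i in sent)]
```

An empty result from `missing_issuers` means every link resolves by name; any name it returns is the certificate to add to the CA file or to have the server send.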
