Open jsikarin opened 3 months ago
If the proxy is rewriting the root cert, you'll likely have to add the new cert bundle to your EE. You should be able to set the AWS_CA_BUNDLE
env var to point to this (https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#environment-variable-configuration).
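A preflight check for the suggestion above, as an added example (not part of this thread or of the amazon.aws collection): it confirms that the file named by AWS_CA_BUNDLE exists and loads as a PEM bundle, then makes one verified HTTPS request to the endpoint from the error while trusting only that bundle. The function names `inspect_bundle` and `probe` are hypothetical, and only the Python standard library is assumed.

```python
import os
import ssl
import urllib.error
import urllib.request

ENDPOINT = "https://ec2.us-west-1.amazonaws.com/"  # from the error in this issue


def inspect_bundle(path):
    """Check that a CA bundle path is usable here. Returns (ok, detail)."""
    if not path:
        return False, "AWS_CA_BUNDLE is not set"
    if not os.path.isfile(path):
        return False, f"{path} does not exist in this environment"
    try:
        ctx = ssl.create_default_context(cafile=path)
    except OSError as exc:  # ssl.SSLError is an OSError: unreadable or not PEM
        return False, f"{path} could not be loaded as a PEM bundle: {exc}"
    count = len(ctx.get_ca_certs())
    if count == 0:
        return False, f"{path} contains no CA certificates"
    return True, f"{count} CA certificate(s) loaded from {path}"


def probe(url, cafile):
    """One verified HTTPS request trusting only cafile; honours https_proxy."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        urllib.request.urlopen(url, context=ctx, timeout=10)
    except urllib.error.HTTPError as exc:
        # Any HTTP status means the TLS handshake was verified.
        return True, f"certificate chain verified (HTTP {exc.code})"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            return False, f"chain not trusted by bundle: {exc.reason.verify_message}"
        return False, f"connection failed: {exc.reason}"
    except OSError as exc:
        return False, f"connection failed: {exc}"
    return True, "certificate chain verified"


if __name__ == "__main__":
    bundle = os.environ.get("AWS_CA_BUNDLE")
    ok, detail = inspect_bundle(bundle)
    print(("OK   " if ok else "FAIL ") + detail)
    if ok:
        ok, detail = probe(ENDPOINT, bundle)
        print(("OK   " if ok else "FAIL ") + detail)
    raise SystemExit(0 if ok else 1)
```

Run it inside the execution environment image rather than on the host, because the bundle path has to resolve in the container where the inventory plugin runs.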
Summary
When I attempt to pull an EC2 inventory through a corporate proxy in RHAAP, I receive the following SSL error.
```
ansible-inventory [core 2.17.1]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections:/usr/share/automation-controller/collections
  executable location = /usr/local/bin/ansible-inventory
  python version = 3.11.9 (main, Apr 26 2024, 22:18:02) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True
No config file found; using defaults
[DEPRECATION WARNING]: ANSIBLE_COLLECTIONS_PATHS option, does not fit var naming standard, use the singular form ANSIBLE_COLLECTIONS_PATH instead. This feature will be removed from ansible-core in version 2.19. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
setting up inventory plugins
Loading collection ansible.builtin from
redirecting (type: inventory) ansible.builtin.aws_ec2 to amazon.aws.aws_ec2
Loading collection amazon.aws from /usr/share/ansible/collections/ansible_collections/amazon/aws
Using inventory plugin 'ansible_collections.amazon.aws.plugins.inventory.aws_ec2' to process inventory source '/runner/inventory/aws_ec2.yml'
[WARNING]: * Failed to parse /runner/inventory/aws_ec2.yml with auto plugin: Failed to describe instances: SSL validation failed for https://ec2.us-west-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)
  File "/usr/local/lib/python3.11/site-packages/ansible/inventory/manager.py", line 292, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/lib/python3.11/site-packages/ansible/plugins/inventory/auto.py", line 58, in parse
    plugin.parse(inventory, loader, path, cache=cache)
  File "/usr/share/ansible/collections/ansible_collections/amazon/aws/plugins/inventory/aws_ec2.py", line 816, in parse
    results = self._query(regions, include_filters, exclude_filters, strict_permissions, use_ssm_inventory)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/amazon/aws/plugins/inventory/aws_ec2.py", line 644, in _query
    for i in self._get_instances_by_region(
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/ansible/collections/ansible_collections/amazon/aws/plugins/inventory/aws_ec2.py", line 547, in _get_instances_by_region
    self.fail_aws("Failed to describe instances", exception=e)
  File "/usr/share/ansible/collections/ansible_collections/amazon/aws/plugins/plugin_utils/base.py", line 35, in fail_aws
    self._do_fail(f"{message}: {to_native(exception)}")
  File "/usr/share/ansible/collections/ansible_collections/amazon/aws/plugins/plugin_utils/base.py", line 28, in _do_fail
    raise AnsibleError(message)
[WARNING]: Unable to parse /runner/inventory/aws_ec2.yml as an inventory source
ERROR! No inventory was parsed, please check your configuration and options.
```
I'm attempting to populate an inventory in RHAAP using an execution environment that I built myself, containing the amazon.aws collection. I am unable to replicate the AWS Inventory I made in RHAAP, so I created a new inventory called someinventory.yml whose contents are below:
```yaml
---
plugin: aws_ec2
aws_access_key: XXXXXXXXXXXXXXXX
aws_secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxx
regions:
```
I try to pull an inventory using my custom execution environment and the above .yml file using the following command
```
ansible-navigator inventory -i someinventory.yml --execution-environment-image=localhost/something_aws
```
which results in the following output
` Warning
`
Issue Type
Bug Report
Component Name
ec2_instance
Ansible Version
Collection Versions
AWS SDK versions
Configuration
OS / Environment
RHEL 8
Steps to Reproduce
Expected Results
I expect to be able to pull a list of ec2 instances
Actual Results
Code of Conduct