Closed jf229 closed 8 months ago
If your ONTAP APi instance if using the default self signed certificate you'll want to change the validate_certs from true to false
If your ONTAP APi instance if using the default self signed certificate you'll want to change the validate_certs from true to false
Thanks for the reply Chris, these clusters are using internal CA signed certificates, not self signed. The certificate verification seems to work successfully when we don't specify 'use_rest: always' as it defaults to 'use_rest: auto' and I believe is using ZAPI to make the request due to the ONTAP version (mix of 9.7 + and 9.8 +). We have reported this through our netapp support contract channels and believe it is being looked at there as well.
Any update on this @jf229? Seem to be encountering the same issue.
As a quick fix Setting
validate_certs: false
Turns off the certificate verification in python. There a bunch of reason why it might not be working https://cheapsslweb.com/blog/ssl-certificate-verify-failed-error-in-python
No other updates, we've had to revert to using use_rest: never
as the user account creation didn't work in some cases with the default settings.
also should note that we installed ca cert to the python ca cert file, which can be located with the following python -c 'import certifi; print(certifi.where())'
I was able to resolve the issue by specifying the CA certificates bundle via the environment
directive. i.e.
environment:
REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
Summary
when adding use_rest: always with the na_ontap_user module I’m getting a bunch of certificate verify issues… if I remove that parameter and it just uses the default value I don’t get any cert errors… is it possible the REST SSL end points aren’t setup correctly?
Component Name
netapp.ontap.na_ontap_user
Ansible Version
ONTAP Collection Version
ONTAP Version
Playbook
Steps to Reproduce
when adding use_rest: always with the na_ontap_user module I’m getting a bunch of certificate verify issues… if I remove that parameter and it just uses the default value I don’t get any cert errors
Expected Results
when adding use_rest: always with the na_ontap_user module it should validate the ssl connection with the same logic that it uses when it works with the default use_rest: auto
Actual Results
Cert verify errors - (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))"