Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
It appears that the tls_verify: false parameter in the containers.podman.podman_container module is not functioning as intended.
The following Ansible task with tls_verify: false fails with the error tls: failed to verify certificate: x509: certificate signed by unknown authority.
- name: Run container
  containers.podman.podman_container:
    name: container
    image: mirror.example.localdomain:8443/bitnami/wildfly:latest
    state: started
    tls_verify: false
The container registry mirror.example.localdomain:8443 is a Mirror Registry for Red Hat OpenShift installed following the official procedure.
Steps to reproduce the issue:
Prepare a container registry whose CA certificate is not trusted (e.g. container registry installed with self-signed certificate).
Push the container image used for reproduction to the container registry.
Run the above Ansible task.
Describe the results you received:
Error Message:
fatal: [192.168.0.116]: FAILED! => {"changed": false, "msg": "Can't pull image mirror.example.localdomain:8443/bitnami/wildfly:latest", "stderr": "Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...\nError: initializing source docker://mirror.example.localdomain:8443/bitnami/wildfly:latest: pinging container registry mirror.example.localdomain:8443: Get \"https://mirror.example.localdomain:8443/v2/\": tls: failed to verify certificate: x509: certificate signed by unknown authority\n", "stderr_lines": ["Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...", "Error: initializing source docker://mirror.example.localdomain:8443/bitnami/wildfly:latest: pinging container registry mirror.example.localdomain:8443: Get \"https://mirror.example.localdomain:8443/v2/\": tls: failed to verify certificate: x509: certificate signed by unknown authority"], "stdout": "", "stdout_lines": []}
Describe the results you expected:
The above Ansible task succeeds.
Additional information you deem important (e.g. issue happens only occasionally):
Observations:
The podman pull command with --tls-verify=false works as expected:
$ podman pull --tls-verify=false mirror.example.localdomain:8443/bitnami/wildfly:latest
Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...
Getting image source signatures
Copying blob c474834cc9f5 done |
Copying config 894653a2ff done |
Writing manifest to image destination
894653a2ffc11740c278ff859a1bf78ac79975287dc4a49a03c00a2a83a3a6fd
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
mirror.example.localdomain:8443/bitnami/wildfly latest 894653a2ffc1 7 days ago 826 MB
After setting CA certificate for the registry, the Ansible task succeeds without tls_verify: false.
Version of the containers.podman collection:
Either git commit if installed from git: git show --summary
Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman
$ ansible-galaxy collection list | grep containers.podman
containers.podman 1.15.4
Output of ansible --version:
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
Playbook you run with ansible (e.g. content of playbook.yaml):
Command line and output of ansible run with high verbosity
Additional environment details (AWS, VirtualBox, physical, etc.):
RHEL 9.4 on VMware vSphere virtual machine
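The workaround noted under Observations (trusting the registry's CA so the task runs without tls_verify: false), written out as an added example that is not part of the original report or the collection's own code. It assumes the registry's CA certificate has already been exported to files/registry-ca.pem beside the playbook (a hypothetical path) and uses the per-registry certs.d directory that Podman reads for rootful containers.

```yaml
# Added example: keep TLS verification on by trusting the registry CA.
# Assumption: files/registry-ca.pem is the exported CA certificate of
# mirror.example.localdomain:8443 (hypothetical file name).
- name: Create the per-registry certificate directory
  ansible.builtin.file:
    path: /etc/containers/certs.d/mirror.example.localdomain:8443
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: true

- name: Install the registry CA certificate
  ansible.builtin.copy:
    src: files/registry-ca.pem
    # Files ending in .crt in this directory are used as CA roots
    # for this registry host:port only, not system-wide.
    dest: /etc/containers/certs.d/mirror.example.localdomain:8443/ca.crt
    owner: root
    group: root
    mode: "0644"
  become: true

# Same task as in the report, with tls_verify left at its default.
- name: Run container
  containers.podman.podman_container:
    name: container
    image: mirror.example.localdomain:8443/bitnami/wildfly:latest
    state: started
```

Scoping the CA to the registry's own certs.d directory limits the trust to that host and port rather than adding it to the system-wide trust store.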