szh
commented
2 years ago There is an optional parameter, validate_certs which can be set to false to allow self-signed (invalid) certificates. The value of this parameter is passed to all calls to the Ansible open_url function. However until Ansible 1.9.2 this was treated as false by default. This change is noted in the Ansible docs.
Summary
When attempting to use the
conjur_variablelookup plugin for Ansible with Conjur OSS in non-HTTPS mode for demo, POC, and lab testing, an error is returned.Steps to Reproduce
conjur_variableto fetch a secret from Conjur OSS using HTTP.Expected Results
The secret should be successfully fetched and returned to the Ansible playbook by the
conjur_variablelookup plugin.Actual Results
The following error is returned:
An attempt to explore Conjur OSS logs using
docker logs root_conjur_1returns no connection attempted by Ansible to the service. The request does not make it past ourconjur_variablelookup plugin.Here is the playbook that is being run:
Reproducible
Version/Tag number
Environment setup
It is running on a Google Cloud Platform VM. Using the Ubuntu version and Linux kernel version provided above.
Google Cloud Platform Compute Engine, Docker-Compose - versions provided above.
I believe I've provided sufficient information.
Additional Information
This problem has been recognized and reported by the community through CyberArk Commons. It was identified in July 2020 and was met with no resolution. The original poster apparently gave up on any support and moved to a different solution all together. You can see the original post at https://discuss.cyberarkcommons.org/t/ansible-fetching-secrets-from-conjur-faces-error-error-was-a-class-urllib2-httperror-original-message-http-error-404-not-found-which-is-fetched-by-api/861.