jaychris closed 8 years ago
The issue was Ansible certs, nothing to do with the module or Vault itself. Once I imported the SSL certs to the system (Ansible seems to want them in /etc/ssl/certs), things worked.
@jaychris what do you mean by "ansible certs"?
I've set VAULT_ADDRESS=https://vault_host:8200 and I've set the VAULT_TOKEN.
I'm not certain what is producing this - when I run a sample job against my Vault instance (for a test variable at 'secret/hello'), I get this error in Ansible:
fatal: [vault_host]: FAILED! => {"failed": true, "msg": "Unable to read secret/hello from vault"}
and this error is issued by Vault itself:
2016/04/05 23:07:06 http: TLS handshake error from 192.168.130.34:57117: remote error: unknown certificate authority
I don't have any issues with other apps or APIs (Ruby Vault API, curl commands, Vault commands, etc.), but... none of them are Python-based and so I imagine there could be some config I need to set. I tried setting VAULT_CAPATH like I do for Vault CLI operations, but that didn't solve the issue.
If I run a curl command from the same host, I get this:
I guess I'm just wondering if you can help me figure out if the issue is with the plugin or "somewhere else that I need to go RTFM on".
Thanks!
EDIT: The more I research, the more this seems like an Ansible issue, but I'll leave it open until I'm certain.