Akasurde
commented
3 years ago @pgbidkar Could you please check this?
Closed FallingSkie closed 3 years ago
Akasurde
commented
3 years ago @pgbidkar Could you please check this?
Akasurde
commented
3 years ago cc @anusha94
anusha94
commented
3 years ago @Akasurde
Is it the same behavior with other modules too or only tagging in particular? I am able to run a sample by disabling verification.
Akasurde
commented
3 years ago yes, for all modules which use the vsphere automation SDK
anusha94
commented
3 years ago @Akasurde
I followed the Ansible issues thread where you have rightly pointed out that REQUESTS_CA_BUNDLE is set on the node. This is overriding the session.verify setting (this saved me a lot of time!)
Looks like this is a known issue in the requests library - https://github.com/psf/requests/issues/3829
There seems to be a fix in the v3 release of requests package.
We don't want to override host's env variable either, so I will add a note in the README about this. Can you do the same in the Ansible repo?
I think we should rather wait for the official fix than adding a work around in the SDK.
Akasurde
commented
3 years ago Yes. I will add a note in Ansible Doc about this.
malodie
commented
3 years ago I am also having this issue, but directly, not using Ansible. I'm just starting to dig deeper into this SDK.
Using the base code in the SDK repo gives me a ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091), but I have session.verify = False and urllib3.disable_warnings() set manually. I get this no matter which sample script I attempt to run. It just ignores the skip verify flag.
Is the requests thing still an issue for the SDK? Seems like it is still open.
Up for a workaround, if anyone has ideas.
Akasurde
commented
3 years ago @malodie Have you tried this - https://github.com/psf/requests/issues/3829#issuecomment-275603654
Akasurde
commented
3 years ago @malodie I found that if you set session.trust_env = False then you can circumvent this odd behavior per session. Like -
import requests
session = requests.session()
session.verify = False
session.trust_env = False
r = session.get("https://github.com",)
This is true for requests 2.* release. This odd behavior is fixed in requests 3.0.0 release - https://github.com/psf/requests/pull/2839
malodie
commented
3 years ago @malodie I found that if you set
session.trust_env = Falsethen you can circumvent this odd behavior per session. Like -import requests session = requests.session() session.verify = False session.trust_env = False r = session.get("https://github.com",)This is true for requests 2.* release. This odd behavior is fixed in requests 3.0.0 release - psf/requests#2839
This worked. Thanks for the help!
shwetapurohit
commented
3 years ago Thanks @malodie closing this issue
Environment
sdk package version:
hvac (0.10.5) nsx-vmc-aws-integration-python-sdk (3.0.2.0.0.16837625) nsx-vmc-policy-python-sdk (3.0.2.0.0.16837625) python-dotenv (0.14.0) pyvmomi (7.0.1) vapi-client-bindings (3.5.0) vapi-common-client (2.19.0) vapi-runtime (2.19.0) vmc-client-bindings (1.30.0) vmc-draas-client-bindings (1.16.0) vSphere-Automation-SDK (1.43.0)
python version:
Python 2.7.5
vSphere version: 6.7
Operating System/Shell (used to run SDK-based apps): RHEL 7.9 and it runs via an Ansible Playbook.
Steps or code snippet to reproduce
Actual behavior
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.SSLError: HTTPSConnectionPool(host='vcenter_hostname', port=443): Max retries exceeded with url: /api (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
Expected behavior
It should set the Tags. When I clone my template via ansible it is working fine (it is in the same playbook). Same logindata and same VCenter.