Zabbix.host returns ImportError: cannot import name 'CertificateError'

[microkc]

I have a playbook setup to install the zabbix agent and add the agent to my zabbix server but I am getting an error when it gets to the hostgroup presence step. The agent part of the playbook works correctly. I initially though it was due to my zabbix server being behind a reverse proxy for https with certificate offloading but I change the config and tried using it without the reverse proxy and still receive the error.

I have tried with host_zabbix_api_use_ssl set to both true and false, I also have host_zabbix_api_validate_certs set to false. I posted on the zabbix forum but did not receive a response.

I am running the latest version of ansible (core 2.17.0) I am running Zabbix server 7.0.0 on debian 12.

Any help is appreciated.

[atocko]

Looks like python library conflict on Ansible controller side. Try creating fresh virtual environment and install only libraries, that the collection depends. Thanks for feedback!

[microkc]

Hi Atocko. I setup a completely new container running arch linux, installed only the default packages, git and ansible. I then installed the zabbix.zabbix collection from ansible galaxy and recieved the exact same error.

I have included the full error below:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ImportError: cannot import name 'CertificateError' from 'ansible.module_utils.urls' (/tmp/ansible_zabbix.zabbix.zabbix_hostgroup_payload__djodc1p/ansible_zabbix.zabbix.zabbix_hostgroup_payload.zip/ansible/module_utils/urls.py) fatal: [10.42.51.27 -> 10.42.50.110]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-local-25689owmxx4p/ansible-tmp-1718236707.2475216-2722-186925354915674/AnsiballZ_zabbix_hostgroup.py\", line 107, in \n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-local-25689owmxx4p/ansible-tmp-1718236707.2475216-2722-186925354915674/AnsiballZ_zabbix_hostgroup.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-local-25689owmxx4p/ansible-tmp-1718236707.2475216-2722-186925354915674/AnsiballZ_zabbix_hostgroup.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible_collections.zabbix.zabbix.plugins.modules.zabbix_hostgroup', init_globals=dict(_module_fqn='ansible_collections.zabbix.zabbix.plugins.modules.zabbix_hostgroup', _modlib_path=modlib_path),\n File \"\", line 226, in run_module\n File \"\", line 98, in _run_module_code\n File \"\", line 88, in _run_code\n File \"/tmp/ansible_zabbix.zabbix.zabbix_hostgroup_payloaddjodc1p/ansible_zabbix.zabbix.zabbix_hostgroup_payload.zip/ansible_collections/zabbix/zabbix/plugins/modules/zabbix_hostgroup.py\", line 94, in \n File \"/tmp/ansible_zabbix.zabbix.zabbix_hostgroup_payloaddjodc1p/ansible_zabbix.zabbix.zabbix_hostgroup_payload.zip/ansible_collections/zabbix/zabbix/plugins/module_utils/zabbix_api.py\", line 12, in \nImportError: cannot import name 'CertificateError' from 'ansible.module_utils.urls' (/tmp/ansible_zabbix.zabbix.zabbix_hostgroup_payload__djodc1p/ansible_zabbix.zabbix.zabbix_hostgroup_payload.zip/ansible/module_utils/urls.py)\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Thanks, Susan

[microkc]

Reading your comment again, I may have misunderstood what you were asking me to do. I followed the steps from here: https://www.redhat.com/sysadmin/python-venv-ansible to create a python virtual environment and installed ansible via pip and uninstalled the ansible package from pacman to ensure I was using the pip version.

I received the exact same error message as before.

If there is anything else you need from me, please just let me know

Thanks, Susan

[atocko]

Fixing ASAP, wait pls Ansible removed Certificate error exception from ansible-core 2.17 We will find a way to fix it and stay compatible. Right now its still possible to use 2.16 without this issue

[atocko]

Published version 1.3.10 on galaxy It adds 2.17 core support and removes CertificateError exception error. Feel free to update.

[microkc]

Thanks for resolving the issue. I am now able to add a host to my zabbix server. This may be unrelated so if you need me to make a new issues, let me know. When it adds the host to my zabbix server it is populating the interface with only the DNS name of the zabbix server and not the IP address of the host I am adding. Please see the excerpt from the verbose output of the host presence task below.

The host is in my inventory under its IP address so I expected it would populate the IP field with the host and set useip to true.

"host": "10.2.1.27", "host_name": "10.2.1.27", "hostgroups": [ "Linux Servers" ], "interfaces": [ { "details": null, "dns": "zabbix.domain.com", "ip": "", "port": "10050", "type": "agent", "useip": false

[atocko]

Maybe i missed something, but it looks like you are trying to use zabbix_host module outside of our host role. There is a trick to work with modules, that uses ansible http plugin. Api location should be placed to an 'delegate_to' field :) Take a look at our zabbix.zabbix.host role sources: https://github.com/zabbix/ansible-collection/blob/main/roles/host/tasks/main.yml

[microkc]

No I am just running the role as part of the playbook to install the agent and add it to my zabbix server. Here is my playbook, edited to remove personal details.

---

2 - hosts: all 3 roles: 4 - role: zabbix.zabbix.agent ### Zabbix agent configuration 5 agent_param_server: 10... # address of Zabbix server to accept connectio> 6 agent_firewall_allow_from: 10... # address of Zabbix server to allow con> 7 8 - role: zabbix.zabbix.host ### Zabbix API properties 9 host_zabbix_api_server: zabbix.domain.com # Zabbix frontend server; 10 host_zabbix_api_port: 443 # Zabbix fronted connection port; 11 host_zabbix_api_user: ansible_add_host # Zabbix user name for API connection; 12 host_zabbix_api_password: *** # Zabbix user passwo> 13 host_zabbix_api_use_ssl: true # Use secure connection; ### Zabbix host configur> 14 host_zabbix_api_validate_certs: false 15 host_templates: ["Linux by Zabbix agent"] # Assign list of templates to the hos> 16 host_hostgroups: 17 - Linux Servers

I am fairly new to both zabbix and ansible so I may be doing something incorrectly. My apologies if that is the case.

Thank you again for fixing the first issue and thank you in advance for your help with this.

Susan

[atocko]

Hey Susan! By default zabbix.zabbix.host role uses ansible_host variable from inventory. Role checks if its IP addres and places it to the IP field. If not -> DNS. Check the readme of host role for the default values to get basic understanding of what is going on.

Set an ansible_host variable in your inventory for the hosts :)

Here is example of inventory file in yaml format:

Linux Servers:
  hosts:
    10.2.1.27:
      ansible_host: 10.2.1.27
      ansible_user: someuser
      ansible_become_password: somepassword

I'm actually reusing the name of host in inventory to avoid repeating the address:

Linux Servers:
  hosts:
    10.2.1.27:
      ansible_host: '{{ inventory_hostname }}'
      ansible_user: someuser
      ansible_become_password: somepassword

But having a proper name for the host instead of ip could be more readable :)

We will update documentation to be more clear about it next time.

[microkc]

Hi Atocko, Thank you for explaining what I was missing. Once I set an ansible_host variable it properly assigns the ip address.

If this is the proper outcome, I will make sure to assign an ansible_host variable in my inventory by default. I was under the impression that without an ansible_host variable set that it would use the ip address from inventory. I feel it might be helpful to add something to the readme saying it is needed by default.

Thank you again for your help and we can close this ticket as my issue is resolved. Susan