How do I fix the following Ansible Galaxy SSL error?

qf9go6mv  posted on 2023-05-07  in  Other

I started learning Ansible and wanted to run the ansible-galaxy search nginx command, but I get:

ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)>

I tried ansible-galaxy --ignore-certs search nginx and ansible-galaxy -c search nginx, but now I get ansible-galaxy: error: unrecognized arguments: --ignore-certs instead.
OS:
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
Ansible version:

ansible 2.9.5
  config file = /home/maciej/projects/priv/ansible_nauka/packt_course/ansible.cfg
  configured module search path = ['/home/maciej/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/maciej/.local/lib/python3.6/site-packages/ansible
  executable location = /home/maciej/.local/bin/ansible
  python version = 3.6.9 (default, Jul 17 2020, 12:50:27) [GCC 8.4.0]

68bkxrlz1#

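I ran into the same problem, but on Mac OS X.
The underlying problem is that your Python environment does not find/use the default root certificates installed on your OS. These root certificates are needed to connect securely (via TLS) to Ansible Galaxy.

For Mac OS X, I was able to solve it based on this answer: How to make Python use CA certificates from Mac OS TrustStore?

That is, by running the script to install the certificates, which came with the installation: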

cd /Applications/Python\ 3.7/
./Install\ Certificates.command

(your Python version may vary)

For Ubuntu / Debian

Update: As Maciej pointed out in the accepted answer, the certificates can be regenerated and added to the environment:

sudo update-ca-certificates --fresh
export SSL_CERT_DIR=/etc/ssl/certs

P.S.: I do not recommend using --ignore-certs; it skips certificate verification in the TLS connection, making the connection insecure (allowing man-in-the-middle attacks).
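A way to check the root-certificate problem described in the answer above without turning verification off, as an added example that is not part of the original answer: it resolves where this Python's OpenSSL looks for root CAs (honouring SSL_CERT_FILE and SSL_CERT_DIR) and reports whether those locations hold anything usable. The function names and the two heuristics (a PEM marker in the bundle, hash-named entries in the directory) are assumptions of this example.

```python
import os
import re
import ssl

# OpenSSL looks up CAs in a directory by hashed file name, e.g. "4a6481c9.0";
# update-ca-certificates creates these links.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")

def resolve_ca_paths(environ=None):
    """Return (cafile, capath) the way OpenSSL resolves them for this Python."""
    environ = os.environ if environ is None else environ
    d = ssl.get_default_verify_paths()
    cafile = environ.get(d.openssl_cafile_env, d.openssl_cafile)  # SSL_CERT_FILE
    capath = environ.get(d.openssl_capath_env, d.openssl_capath)  # SSL_CERT_DIR
    return cafile, capath

def cafile_usable(path):
    """True if path is a readable file holding at least one PEM certificate."""
    try:
        with open(path, "r", errors="replace") as fh:
            return "-----BEGIN CERTIFICATE-----" in fh.read()
    except OSError:
        return False

def capath_usable(path):
    """True if any listed directory contains at least one hash-named entry."""
    for directory in path.split(os.pathsep):
        try:
            if any(HASHED_NAME.match(name) for name in os.listdir(directory)):
                return True
        except OSError:
            continue  # missing or unreadable directory
    return False

def check_trust_store(environ=None):
    """Summarise whether certificate verification has any roots to work with."""
    cafile, capath = resolve_ca_paths(environ)
    report = {"cafile": cafile, "cafile_ok": cafile_usable(cafile),
              "capath": capath, "capath_ok": capath_usable(capath)}
    usable = report["cafile_ok"] or report["capath_ok"]
    report["verdict"] = "ok" if usable else "no usable root CAs"
    return report

if __name__ == "__main__":
    for key, value in check_trust_store().items():
        print(f"{key}: {value}")
```

Run it with the same Python interpreter that ansible-galaxy uses, before and after regenerating the certificates.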


hi3rlvi22#

Worked for me:

ansible-galaxy search --ignore-certs postgresql

pengsaosao3#

Came back to this problem… life is the best motivator. What helped me was:

sudo update-ca-certificates --fresh
export SSL_CERT_DIR=/etc/ssl/certs

j8ag8udp4#

For RHEL/CENTOS

You may need to check the crypto policies; if the policy is set to FUTURE, temporarily set it to DEFAULT
sudo update-crypto-policies --set=DEFAULT


0yycz8jy5#

bahrathkumaraju@Bahrathkumarajus-MacBook-Pro vault_ansible % ansible-galaxy collection install community.hashi_vault --ignore-certs
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/community-hashi_vault-3.0.0.tar.gz to /Users/bahrathkumaraju/.ansible/tmp/ansible-local-91443c5vh69v3/tmp76qmz32a/community-hashi_vault-3.0.0-635b3qde
Installing 'community.hashi_vault:3.0.0' to '/Users/bahrathkumaraju/.ansible/collections/ansible_collections/community/hashi_vault'
community.hashi_vault:3.0.0 was installed successfully
bahrathkumaraju@Bahrathkumarajus-MacBook-Pro vault_ansible %

mm9b1k5b6#

In case anyone else is looking at this, the args are order dependent. On rhel8 with a cntlm proxy....

declare -x https_proxy='127.0.0.1:3128'
declare -x http_proxy='127.0.0.1:3128'

# this works through a proxy
ansible-galaxy collection install ovirt.ovirt --ignore-certs

# this does not
ansible-galaxy --ignore-certs collection install ovirt.ovirt 

# and this does not
ansible-galaxy collection --ignore-certs install ovirt.ovirt
