Dear AWX users,
we are trying to pull collection updates from a private Artifactory instance.
We found that we need to disable the TLS certificate validation, even though Artifactory is using a valid certificate.
Got an unexpected error when getting available versions of collection
community.hashi_vault: Unknown error when attempting to call Galaxy at
'https://artifactory.example.org/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
failed: unable to get local issuer certificate (_ssl.c:1032)>. <urlopen error
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local
issuer certificate (_ssl.c:1032)>
ERROR! Unknown error when attempting to call Galaxy at 'artifactory.example.org/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1032)>. <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1032)>
Funnily enough, we can curl Artifactory from inside all containers in the awx-task and awx-web pods. Or use python urllib to connect, which also works fine.
It seems to only be the collections update that fails.
The execution environment used for the controlplane (which is used for the project updates) is self-built and includes ansible-core 2.18.10 as well as openssl and ca-certificates. It is based on the example here
Any ideas how to debug further? Any solutions, tips, tricks?
Kind Regards,
Johannes