Vmware deploy ovf Authenticity of the host's SSL certificate is not verified

Get Help
,
1

I use ansible version ansible [core 2.17.3]
and the community.vmware collection version 4.5.0

I want to deploy a ovf from a https url.
I already find out that I had to open incoming httpclient 443
But now I get Authenticity of the host’s SSL certificate is not verified
I tried different ova’s. Local deployment wit ovf works well.
Remote deployment with terraform is alos working

the validate_certs false part is only working for the vcenter part. The enviroment VMWARE_VALIDATE_CERTS is also not working.
Is there a solutions without importing all certificates

  • hosts: all
    gather_facts: no
    collections:
    • community.vmware
      vars:
      vcenter_hostname: vc02.contoso.local
      vcenter_username: admin
      vcenter_password: supersecretpassword
      #ansible_python_interpreter: /usr/bin/python3
      tasks:
    • name: vmware ovf deploy
      community.vmware.vmware_deploy_ovf:
      validate_certs: false
      datacenter: Datacenter1
      #cluster: “Cluster1”
      esxi_hostname: esxdc1-1.contoso.local
      datastore: “VMFS-ESX-DC1-A”
      networks: {“VM-Network”: “FRONTEND”}
      hostname: ‘{{ vcenter_hostname }}’
      username: ‘{{ vcenter_username }}’
      password: ‘{{ vcenter_password }}’
      url: “https://cloud-images.ubuntu.com/releases/xenial/release/ubuntu-16.04-server-cloudimg-amd64.ova
      #ovf: /tmp/ubuntu-16.04-server-cloudimg-amd64.ova
      #wait_for_ip_address: true
      delegate_to: localhost
      environment:
      VMWARE_VALIDATE_CERTS: false
2

Could you run ansible with -vvv and show us the error message? This might help to analyze the problem.

3

Sounds like maybe they’re behind a firewall and cloud-images.ubuntu.com isn’t trusted because it’s been re-signed by the firewall CA (deep-packet-inspection), and the module is failing to validate the cert because it doesn’t trust the CA and the validate_certs parameter only applies to the vmware/vcenter connection.

One solution may be to install the firewall’s CA on the control node, and export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt as an environment variable to ensure it is loaded by python.