我在server1上运行了一个Ansible作业。这将应用程序部署到server2。
此步骤失败:
- name: Check {{ my_app }} runs at "https://{{ host }}:{{ port }}{{ endpoint }}" - returns a status 200
uri:
url: 'https://{{ host }}:{{ port }}{{ endpoint}}'
return_content: yes
register: result
until: result.status == 200
retries: 5
delay: 20
它给出了以下错误:
致命:[server2.url.com]:失败=>{"尝试":5."更改":false,"调用":{"module_args":{"属性":无效的"备份":无效的"身体":无效的"body_format":"生";,"client_cert":无效的"客户端密钥":无效的"内容":无效的"创建":无效的"分隔符":无效的"dest":无效的"directory_mode":无效的"跟随":false,"follow_redirects":"安全";,"力":false,"force_basic_auth":false,"组":无效的"标题":{},"http_agent":"ansible httpget";,"方法":"GET";,"模式":无效的"所有者":无效的"regexp":无效的"remote_src":无效的"删除":无效的"return_content":是的,"selevel":无效的"serole":无效的"settype":无效的"seuser":无效的"src":无效的"status_code":[200],"超时":30,"unix_socket":无效的"unsaf.writes":无效的"url":"https://server2.url.com:1234/my/endpoint","url密码":无效的"url用户名":无效的"use_proxy":是的,"validate_certs":真的}},"msg":"验证服务器2的SSL证书失败。网址:1234。请确保您的托管系统安装了有效的CA证书。如果不需要确认服务器标识,但这是不安全的,不建议使用validate_certs=False。为此平台检查的路径:/etc/ssl/certs、/etc/pki/ca-trust/extracted/pem、/etc/pki/tls/certs、/usr/share/ca-certificates/cacert.org、/etc/ansible。异常消息为:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_SSL.c:618(。";,"状态":-1."url":"https://server2.url.com:1234/my/endpoint">
我想我需要在server2上的某个地方安装cert,但我不确定如何或在哪里安装。不过我想我有正确的证书。如何添加?
此外,我知道Ansible使用Python。server1具有Python 3.6.8,server2具有Python 2.7.5。版本之间是否存在任何可能的冲突?
试试这个:
- name: Check {{ my_app }} runs at "https://{{ host }}:{{ port }}{{ endpoint }}" - returns a status 200
uri:
url: 'https://{{ host }}:{{ port }}{{ endpoint}}'
**validate_certs: no**
return_content: yes
register: result
until: result.status == 200
retries: 5
delay: 20