0

I thought I had found something that would make managing the /etc/resolv.conf file easy. https://galaxy.ansible.com/ahuffman/resolv but when I try to install this role as per the documentation like so ...

bash-3.2$ ansible-galaxy install ahuffman.resolv

I get this error ...

Starting galaxy role install process
[WARNING]: - ahuffman.resolv was NOT installed successfully: Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/': <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)>
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

I have never used ansible-galaxy before ... and probably won't ever again :( Please help.

If I run with -vvvv I see this additional output:

ansible-galaxy 2.10.5
  config file = None
  configured module search path = ['/Users/red/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible
  executable location = /Library/Frameworks/Python.framework/Versions/3.6/bin/ansible-galaxy
  python version = 3.6.8 (v3.6.8:3c6b436a57, Dec 24 2018, 02:04:31) [GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57)]
No config file found; using defaults
Starting galaxy role install process
Processing role ahuffman.resolv
Initial connection to galaxy_server: https://galaxy.ansible.com
Opened /Users/red/.ansible/galaxy_token
Calling Galaxy at https://galaxy.ansible.com/api/
[WARNING]: - ahuffman.resolv was NOT installed successfully: Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/': <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)>
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

Running with --ignore-certs seems to have fixed the problem but the usage from anisble-galaxy does mention a --ignore-certs option:

usage: ansible-galaxy [-h] [--version] [-v] TYPE ...

Perform various Role and Collection related operations.

positional arguments:
  TYPE
    collection   Manage an Ansible Galaxy collection.
    role         Manage an Ansible Galaxy role.

optional arguments:
  --version      show program's version number, config file location,
                 configured module search path, module location, executable
                 location and exit
  -h, --help     show this help message and exit
  -v, --verbose  verbose mode (-vvv for more, -vvvv to enable connection
                 debugging)
Red Cricket
  • 9,762
  • 21
  • 81
  • 166
  • can you re-run it with more verbose option `-vvvv` ? – sadok-f Feb 12 '21 at 06:41
  • 2
    seems an issue with verifying galaxy website certificate, are you running through a proxy? can you re-run with `--ignore-certs` option – sadok-f Feb 12 '21 at 10:54
  • That worked. I wish the developers of ansible-galaxy mentioned that option in the usage output. – Red Cricket Feb 12 '21 at 17:45
  • (a) if they did that, it would be an implicit endorsement to switch off cert verification (b) `ansible-galaxy role install --help | grep cert` means it was not a secret flag – mdaniel Feb 13 '21 at 19:08
  • a) they should fix it and b) their --help output is inaccurate and they should fix that. Otherwise most IT professionals that have very little time to find working solutions will abandon the this role and maybe Ansible all together. Don't make excuses for poor documentation. – Red Cricket Feb 14 '21 at 06:41

0 Answers0