Solved: ch10s04 - Error: SSL certificate verify failed whe...

RMB · ‎09-26-2024

Hello,

I had an error with the SSL certificate when I tried to build the execution environment for the last lab in Chapter 10.

- Command executed:

ansible-builder build --tag hub.lab.example.com/system/ee-review-rhel8:v1.0

or

podman build -f context/Containerfile -t hub.lab.example.com/system/ee-review-rhel8:v1.0 context

- Error:

SSL certificate verify failed

- Solution:

I added this parameter to the execution-environment.yml configuration file:

version: 1

build_arg_defaults:

ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-c"

After adding this and rebuilding the environment, everything worked perfectly!

I hope this helps anyone who encounters the same problem!

Chetan_Tiwary_ · ‎09-26-2024

@RMB I was unable to replicate this issue in my DO374 lab : ch10s04 step 8:

View solution in original post

rhnoname · ‎09-26-2024

Hi,

I will keep it in mind.

Thanks for sharing!

Best Regards

Chetan_Tiwary_ · ‎09-26-2024

@RMB Thanks for letting us know here. I will check and report it as well!

Chetan_Tiwary_ · ‎09-26-2024

@RMB I was unable to replicate this issue in my DO374 lab : ch10s04 step 8:

RMB · ‎10-01-2024

Hi!,

I tried again, this time I just used the podman build command to see what would happen and it worked:

[student@workstation ee-build]$ podman build -f context/Containerfile \ > -t hub.lab.example.com/system/ee-review-rhel8:v1.0 context

Maybe the problem it was just not using podman build and using the ansible-builder build command instead.

Thanks!

Roberto

Chetan_Tiwary_ · ‎10-01-2024

@RMB glad that it is resolved for you!

DeepakRamanath · ‎12-05-2024

I had the same issue and adding ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-c" worked, but had to clear the _build directory in the context/

Also, out of interest, where can we find these flags in the documentation?

Thanks you

kitelooper

The ansible-galaxy man page is below. The -c parameter ignores SSL certificate validation errors.

https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html

ansible-builder or 'podman build' both run the following when collections are required which is where the ANSIBLE_GALAXY_CLI_COLLECTION_OPTS variable comes from

ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"

kitelooper

I have the same issue whenever I create an execution environment that adds collections to it. When collections are required to be added into the execution environment, ansible-galaxy runs trying to connect to https://hub.lab.example.com but fails due to the SSL certificate not being trusted. Adding ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-c" into execution-environment.yml runs ansible-galaxy -c which forces it to ignore SSL certificate validation errors.

You can see in the error that it is trying to run...

ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"

The -c option ignores SSL certificate validation errors. The ansible-galaxy man page is below:

https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html

ch10s04 - Error: SSL certificate verify failed when execute podman build command