All vCenter and ESXi servers require SSL encryption on all connections to enforce secure communication. You must enable SSL encryption for Ansible by installing the server’s SSL certificates on your Ansible control node or delegate node.
If the SSL certificate of your vCenter or ESXi server is not correctly installed on your Ansible control node, you will see the following warning when using Ansible VMware modules:
Unable to connect to vCenter or ESXi API at xx.xx.xx.xx on TCP/443: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)
To install the SSL certificate for your VMware server, and run your Ansible VMware modules in encrypted mode, please follow the instructions for the server you are running with VMware.
https://vcenter-domain.example.com
.certs
directory that contains two types of files. Files with a number as the extension (.0, .1, and so on) are root certificates./etc/vmware/ssl
rui.crt
located in /etc/vmware/ssl
directory to Ansible control node.If you need to use a custom path for SSL certificates, you can set the REQUESTS_CA_BUNDLE
environment variable in your playbook.
For example, if /var/vmware/certs/vcenter1.crt
is the SSL certificate for your vCenter Server, you can use the environment keyword to pass it to the modules:
- name: Gather all tags from vCenter community.vmware.vmware_tag_info: validate_certs: True hostname: '{{ vcenter_hostname }}' username: '{{ vcenter_username }}' password: '{{ vcenter_password }}' environment: REQUESTS_CA_BUNDLE: /var/vmware/certs/vcenter1.crt
There is a known issue in requests
library (version 2) which you may want to consider when using this environment variable. Basically, setting REQUESTS_CA_BUNDLE
environment variable on managed nodes overrides the validate_certs
value. This may result in unexpected behavior while running the playbook. Please see community.vmware issue 601 and vmware issue 254 for more information.
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/scenario_guides/vmware_scenarios/vmware_requirements.html