Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed connection with proxmox without certs #9178

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

t-pierre
Copy link

SUMMARY

Need to add the verify argument to the get() call to successfully connect to a proxmox without a certificate.
Without it, the validate_certs parameter in proxmox.yml inventory seems to be ignored (not really used, at least).

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

plugins/inventory/proxmox.py

@ansibullbot
Copy link
Collaborator

@ansibullbot ansibullbot added bug This issue/PR relates to a bug inventory inventory plugin new_contributor Help guide this first time contributor plugins plugin (any type) small_patch Hopefully easy to review labels Nov 23, 2024
@felixfontein felixfontein added check-before-release PR will be looked at again shortly before release and merged if possible. backport-9 Automatically create a backport for the stable-9 branch backport-10 Automatically create a backport for the stable-10 branch labels Nov 24, 2024
@felixfontein
Copy link
Collaborator

Thanks for your contribution! Can you please add a changelog fragment? Thanks.

@t-pierre t-pierre force-pushed the proxmox-validate_certs branch from 6f7933b to 8cb1fb8 Compare November 24, 2024 17:31
@ansibullbot ansibullbot removed the small_patch Hopefully easy to review label Nov 24, 2024
@@ -312,7 +312,7 @@ def _get_json(self, url, ignore_errors=None):
data = []
s = self._get_session()
while True:
ret = s.get(url, headers=self.headers)
ret = s.get(url, headers=self.headers, verify=s.verify)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which version of requests do you have that needs this? self._get_session() returns a requests.Session object with verify set, which according to the documentation (and the requests sources) should apply to all requests made with this session. So the change should not really have any effect. If it has an effect for you, I think we should first try to find out why that is the case.

Copy link
Author

@t-pierre t-pierre Nov 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have requests 2.32.3 and python 3.12. I'm on mac, if it's important

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It works on a lxc.

On macOS Sequoia 15.1.1: ❌

ansible --version

ansible [core 2.18.0]
  config file = /Users/*user*/Desktop/*project*/ansible.cfg
  configured module search path = ['/Users/*user*/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/11.0.0/libexec/lib/python3.13/site-packages/ansible
  ansible collection location = /Users/*user*/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.13.0 (main, Oct  7 2024, 05:02:14) [Clang 16.0.0 (clang-1600.0.26.4)] (/usr/local/Cellar/ansible/11.0.0/libexec/bin/python)
  jinja version = 3.1.4
  libyaml = True

On pipenv: ❌

ansible [core 2.18.0]
  config file = /Users/*user*/Desktop/*project*/ansible.cfg
  configured module search path = ['/Users/*user*/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/*user*/Desktop/*project*/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/*user*/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/*user*/Desktop/*project*/bin/ansible
  python version = 3.12.7 (main, Oct  1 2024, 02:05:46) [Clang 15.0.0 (clang-1500.3.9.4)] (/Users/*user*/Desktop/*project*/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True

On a Debian GNU/Linux 11 (bullseye) lxc: ✅

ansible --version

ansible [core 2.15.12]
config file = /root/*project*/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /root/.local/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] (/usr/bin/python3)
jinja version = 3.1.4
libyaml = True

Tell me what information you need
Thanks!

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to figure out why requests doesn't behave as documented and this does not already works without having to specify verify again.

@ansibullbot ansibullbot added the stale_ci CI is older than 7 days, rerun before merging label Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-9 Automatically create a backport for the stable-9 branch backport-10 Automatically create a backport for the stable-10 branch bug This issue/PR relates to a bug check-before-release PR will be looked at again shortly before release and merged if possible. inventory inventory plugin new_contributor Help guide this first time contributor plugins plugin (any type) stale_ci CI is older than 7 days, rerun before merging
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants