Meraki

WellyHartanto · ‎Feb 23 2025

Hi everyone!

I tried to search the keyword 'AWX' within this forum but it seems the result is very limited.

Anyway, I've been trying to play with Ansible AWX (after finally succeeded).
I have the source control in GitHub repo with collection->requirements.yml contains:

---
collections:
- cisco.meraki

But whenever I try to sync the project, I always get hit by SSL issue:

Downloading
https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/cisco-meraki-2.20.8.tar.gz
to
/var/lib/awx/projects/.__awx_cache/_16__meraki/stage/tmp/ansible-local-209crtzo64x/tmpe2hzluwp/cisco-meraki-2.20.8-bfda1m77
stderr: >-
ERROR! Failed to download collection tar from 'server0' due to the following
unforeseen error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed: self-signed certificate in certificate chain (_ssl.c:1133)>.
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self-signed certificate in certificate chain (_ssl.c:1133)>

It will be great if anyone can share a light on this or perhaps point me to a comprehensive documentation/examples on how to properly working with this kind of environment.

Thank you!

Oren · ‎Feb 23 2025

My pleasure. I’m not an expert on AWX, but others here may be.

View solution in original post

Oren · ‎Feb 23 2025

Is there perhaps a proxy or a security device trying to decrypt the traffic?

Did this work for other collections?

WellyHartanto · ‎Feb 23 2025

Hi @Oren

Thanks for your reply.
I forgot to mention that containerization stuff is new to me.

Based on your post, I tried to use community.general and yes indeed I encountered the same issue.
My firewall does an HTTPS inspection and, as my SEC team suggested, it's already whitelisted.
I tried logging in to the operator pod and tested the connectivity using curl to https://galaxy.ansible.com and https://api.meraki.com/api/v1/
Both passed without issues (also checked the certificate chain with openssl command).

I can reproduce the error by manually installing the collection (or any other collections)

ansible-galaxy collection install cisco.meraki -f
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/cisco-merak... to /opt/ansible/.ansible/tmp/ansible-local-2236vzmop1sc/tmp8nv5plsr/cisco-meraki-2.20.8-kf12ehga
ERROR! Failed to download collection tar from 'default' due to the following unforeseen error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)>. <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)>

I guess I'm having a general issue with AWX rather than the Meraki collection itself.
Anyhow, any help will be greatly appreciated!

Oren · ‎Feb 23 2025

My pleasure. I’m not an expert on AWX, but others here may be.

WellyHartanto · ‎Apr 6 2025

Just want to add some information after I successfully overcame the issue.

- It's a firewall issue (my firewall is doing HTTPS inspection)
- But even after whitelisting from my SEC team, I was hit by a similar issue, hence I ended up building my own Execution Environment with all the required packages, libraries, and galaxy collections that I need.

Meraki

Community

AWX with Meraki Collection

AWX with Meraki Collection