[SSL: CERTIFICATE_VERIFY_FAILED] with Python 3.13 #1443

Open
Silejonu opened this issue Jan 15, 2025 · 0 comments
SUMMARY

When running Ansible with Python 3.13, the community.zabbix.zabbix_host module fails to verify certificates trusted by the system trust store.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

community.zabbix.zabbix_host

ANSIBLE VERSION

ansible [core 2.18.1]
  config file = /home/silejonu/ansible/ansible.cfg
  configured module search path = ['/home/silejonu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/silejonu/ansible/.venv/lib64/python3.13/site-packages/ansible
  ansible collection location = /home/silejonu/ansible/collections
  executable location = /home/silejonu/ansible/.venv/bin/ansible
  python version = 3.13.1 (main, Dec  9 2024, 00:00:00) [GCC 14.2.1 20240912 (Red Hat 14.2.1-3)] (/home/silejonu/ansible/.venv/bin/python)
  jinja version = 3.1.5
  libyaml = True

CONFIGURATION

COLLECTIONS_PATHS(/home/silejonu/ansible/ansible.cfg) = ['/home/silejonu/ansible/collections']
CONFIG_FILE() = /home/silejonu/ansible/ansible.cfg
DEFAULT_FORCE_HANDLERS(/home/silejonu/ansible/ansible.cfg) = True
DEFAULT_HOST_LIST(/home/silejonu/ansible/ansible.cfg) = ['/home/silejonu/ansible/inventory']
DEFAULT_VAULT_PASSWORD_FILE(/home/silejonu/ansible/ansible.cfg) = /home/silejonu/ansible/.vault_password.txt
EDITOR(env: EDITOR) = /usr/bin/nano
INTERPRETER_PYTHON(/home/silejonu/ansible/ansible.cfg) = auto_silent

GALAXY_SERVERS:

OS / ENVIRONMENT / Zabbix Version

Zabbix 7.0 LTS, installed with official repositories, on CentOS Stream 9.
The certificate is signed by my internal authority, which is trusted by my Ansible controller (Fedora 41) at the system level.

STEPS TO REPRODUCE

  1. Add a certificate to Zabbix from an internal authority
  2. Add the root certificate to the trust store of the Ansible controller
  3. python3.13 -m venv .venv
  4. source .venv/bin/activate
  5. pip install --upgrade pip ansible-core
  6. Run the example playbook

Example playbook:

- name: Test playbook
  hosts: localhost
  become: false
  tasks:
    - name: Add host to Zabbix
      delegate_to: zabbix.home.arpa
      vars:
        ansible_zabbix_auth_key: "[…]"
        ansible_network_os: community.zabbix.zabbix
        ansible_connection: httpapi
        ansible_httpapi_port: 443
        ansible_httpapi_use_ssl: true
        ansible_httpapi_validate_certs: true
        ansible_zabbix_url_path: "/"
      community.zabbix.zabbix_host:
        force: false
        host_name: "test"
        visible_name: "test"
        host_groups: "Zabbix servers"
        status: enabled
        state: present
        inventory_mode: automatic
        interfaces:
          - type: agent
            main: 1
            useip: 0
            dns: "test"
            port: "10050"

EXPECTED RESULTS

The certificates trusted by the system should be trusted by community.zabbix.zabbix_host on all Python versions.

ACTUAL RESULTS

The certificates trusted by the system are trusted by community.zabbix.zabbix_host on Python version 3.12 and below.

On Python 3.13, the following error is raised:

Read vars_file 'vault/zabbix.yml'
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<zabbix.home.arpa> ESTABLISH LOCAL CONNECTION FOR USER: silejonu
<zabbix.home.arpa> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas `"&& mkdir "` echo /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948 `" && echo ansible-tmp-1736974837.76897-4745-189524040544948="` echo /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948 `" ) && sleep 0'
Using module file /home/silejonu/ansible/collections/ansible_collections/community/zabbix/plugins/modules/zabbix_host.py
<zabbix.home.arpa> PUT /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/tmpoittgqmy TO /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py
<zabbix.home.arpa> EXEC /bin/sh -c 'chmod u+x /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/ /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py && sleep 0'
<zabbix.home.arpa> EXEC /bin/sh -c '/home/silejonu/ansible/.venv/bin/python /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py && sleep 0'
<zabbix.home.arpa> EXEC /bin/sh -c 'rm -f -r /home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py", line 107, in <module>
    _ansiballz_main()
    ~~~~~~~~~~~~~~~^^
  File "/home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
    ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.community.zabbix.plugins.modules.zabbix_host', init_globals=dict(_module_fqn='ansible_collections.community.zabbix.plugins.modules.zabbix_host', _modlib_path=modlib_path),
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                     run_name='__main__', alter_sys=True)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen runpy>", line 226, in run_module
  File "<frozen runpy>", line 98, in _run_module_code
  File "<frozen runpy>", line 88, in _run_code
  File "/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_host.py", line 1356, in <module>
  File "/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_host.py", line 1143, in main
  File "/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/base.py", line 20, in __init__
  File "/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/api_request.py", line 53, in api_version
  File "/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible/module_utils/connection.py", line 183, in __rpc__
ansible.module_utils.connection.ConnectionError: Could not connect to https://zabbix.home.arpa:443///api_jsonrpc.php: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Basic Constraints of CA cert not marked critical (_ssl.c:1018)
fatal: [zabbix -> zabbix.home.arpa]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py\", line 107, in <module>\n    _ansiballz_main()\n    ~~~~~~~~~~~~~~~^^\n  File \"/home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n    ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/home/silejonu/.ansible/tmp/ansible-local-46113ym17bas/ansible-tmp-1736974837.76897-4745-189524040544948/AnsiballZ_zabbix_host.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.community.zabbix.plugins.modules.zabbix_host', init_globals=dict(_module_fqn='ansible_collections.community.zabbix.plugins.modules.zabbix_host', _modlib_path=modlib_path),\n    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n                     run_name='__main__', alter_sys=True)\n                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_host.py\", line 1356, in <module>\n  File \"/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_host.py\", line 1143, in main\n  File 
\"/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/base.py\", line 20, in __init__\n  File \"/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/api_request.py\", line 53, in api_version\n  File \"/tmp/ansible_community.zabbix.zabbix_host_payload_7_wyfrlp/ansible_community.zabbix.zabbix_host_payload.zip/ansible/module_utils/connection.py\", line 183, in __rpc__\nansible.module_utils.connection.ConnectionError: Could not connect to https://zabbix.home.arpa:443///api_jsonrpc.php: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Basic Constraints of CA cert not marked critical (_ssl.c:1018)\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE: No start of json char found\nSee stdout/stderr for the exact error",
    "rc": 1
}
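
Added diagnostic example (not part of the original issue and not code from the collection): the error text above matches the check that OpenSSL applies under VERIFY_X509_STRICT, a flag that Python 3.13 turns on in ssl.create_default_context(). The sketch below reports whether that flag is active and whether a CA certificate marks Basic Constraints as critical; the function names and the two sample byte strings are constructed for illustration, and the certificate check is a byte-level heuristic rather than a full ASN.1 parse.

```python
import ssl

# DER encoding of the basicConstraints extension OID (2.5.29.19).
BASIC_CONSTRAINTS_OID = bytes.fromhex("0603551d13")
# DER BOOLEAN TRUE: how the "critical" field is encoded when it is set.
DER_TRUE = bytes.fromhex("0101ff")

# Constructed samples: one basicConstraints Extension with and one without
# the critical BOOLEAN (CA:TRUE in both). Not taken from a real certificate.
CRITICAL_EXT = bytes.fromhex("300f0603551d130101ff040530030101ff")
NONCRITICAL_EXT = bytes.fromhex("300c0603551d13040530030101ff")


def strict_flag_enabled(ctx=None):
    """Return True if the context verifies chains with VERIFY_X509_STRICT."""
    if ctx is None:
        ctx = ssl.create_default_context()
    return bool(ctx.verify_flags & ssl.VERIFY_X509_STRICT)


def basic_constraints_status(der):
    """Return 'critical', 'not critical' or 'absent' for DER bytes.

    Inside an Extension the OID is followed by the optional critical
    BOOLEAN (omitted when FALSE) and then the OCTET STRING value.
    """
    pos = der.find(BASIC_CONSTRAINTS_OID)
    if pos < 0:
        return "absent"
    after_oid = der[pos + len(BASIC_CONSTRAINTS_OID):]
    return "critical" if after_oid.startswith(DER_TRUE) else "not critical"


def check_pem_file(path):
    """Apply the check to a file holding a single PEM certificate."""
    with open(path) as fh:
        return basic_constraints_status(ssl.PEM_cert_to_DER_cert(fh.read()))


if __name__ == "__main__":
    print("VERIFY_X509_STRICT in default context:", strict_flag_enabled())
    print("critical sample:", basic_constraints_status(CRITICAL_EXT))
    print("non-critical sample:", basic_constraints_status(NONCRITICAL_EXT))
```

Run check_pem_file() against the internal root certificate with the same interpreter Ansible uses; a "not critical" result together with the strict flag being enabled is consistent with the failure shown above, and reissuing the CA certificate with Basic Constraints marked critical keeps verification fully enabled.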