I see a traceback after I make insights-service down - (by settig wrong hostname for insights service in /etc/hosts) I have tried to simulate a case when the service is down during registering to the service. - name: Set /etc/hosts with wrong hostname of Insights Service copy: content: | 10.2.77.208 cert.cloud.stage.redhat.com 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 dest: /etc/hosts mode: '644' - name: Register the system command: "subscription-manager register --username {{ rhsm.username }} --password {{ rhsm.password }}" register: out changed_when: out.rc != 0 environment: - SUBMAN_DEBUG_PRINT_REQUEST: "1" - name: register to insights service # noqa ignore-errors command: "insights-client --register" register: out changed_when: out.rc != 0 ignore_errors: yes I see stderr from the command above: Traceback (most recent call last): File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn conn.connect() File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 411, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket ssl_sock = _ssl_wrap_socket_impl( File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.9/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib64/python3.9/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib64/python3.9/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='cert.cloud.stage.redhat.com', port=443): Max retries exceeded with url: /api/module-update-router/v1/channel?module=insights-core (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))) The same error appears even in cockpit after I register a system using subscriptions cockpit plugin.
I've attached a complete ansible playbook to reproduce the case.