Task Remove existing HEC token is failing -1 because of self signed certificates #814

Open
hohenhe1m opened this issue Apr 16, 2024 · 2 comments

Comments

@hohenhe1m

Hello,

We are using Splunk docker images in a K8S environment to spawn a cluster. I recently tried to update from 9.0.8 to 9.0.9 and got this error from indexers and standalone nodes:

```
TASK [splunk_standalone : Remove existing HEC token] ***************************
fatal: [localhost]: FAILED! => {
    "changed": false,
    "elapsed": 0,
    "redirected": false,
    "status": -1,
    "url": "https://127.0.0.1:8089/services/data/inputs/http/splunk_hec_token",
    "warnings": [
        "Module did not set no_log for password"
    ]
}

MSG:

Status code was -1 and not [200, 404]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)>
```

I have tested locally in the pod, and with curl I am able to run

```
curl -k -u admin:pass https://localhost:8089/services/data/inputs/http/splunk_hec_token -d "remove"
```

and it's working as expected.

I rolled back to 9.0.8 and everything is working as expected. Can you try to help?

Vincent

@hortonew
Contributor

It looks like the surrounding steps now use splunk_api, which by default does not verify SSL/TLS certs. This step for Remove existing HEC token still uses the uri module, and recently removed "validate_certs: false", causing this problem (because the default is to verify certs).

@cderocco5

This change breaks in 9.1.4 also. The "Remove existing HEC token" task needs the validate_certs: false tasks added back or else the docker container fails to complete with error:
Status code was -1 and not [200, 404]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091).

This is preventing my team from upgrading from 9.1.2 to 9.1.4. And 9.1.4 has a high vulnerability fix according to the Splunk advisory.
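
The two options raised in this thread for the `uri` task, as an added example that is not part of the thread or of the splunk-ansible code: the `validate_certs: false` workaround next to a variant that keeps verification on and trusts a supplied CA. The `example_*` variables and the `DELETE` method are assumptions; the URL path and status codes come from the error output above.

```yaml
# Added example; variable names prefixed example_ are hypothetical.

# Option A: the workaround named in the thread. The request succeeds against a
# self-signed chain because the certificate is not checked at all.
- name: Remove existing HEC token (certificate validation disabled)
  ansible.builtin.uri:
    url: "https://127.0.0.1:8089/services/data/inputs/http/splunk_hec_token"
    method: DELETE              # assumption: the curl in the thread posts "remove" instead
    user: "{{ example_admin_user }}"
    password: "{{ example_admin_password }}"
    force_basic_auth: true
    validate_certs: false       # equivalent in effect to curl -k
    status_code: [200, 404]
  no_log: true                  # hides task output, which includes the password

# Option B: keep the default (validation on) and point the module at the CA
# that signed the splunkd certificate.
- name: Remove existing HEC token (validated against a supplied CA)
  ansible.builtin.uri:
    url: "https://{{ example_splunkd_host }}:8089/services/data/inputs/http/splunk_hec_token"
    method: DELETE
    user: "{{ example_admin_user }}"
    password: "{{ example_admin_password }}"
    force_basic_auth: true
    validate_certs: true
    ca_path: "{{ example_ca_bundle }}"   # PEM file containing the signing CA
    status_code: [200, 404]
  no_log: true
```

Option B only succeeds if the splunkd certificate chains to that CA and its subject alternative names cover the host used in the URL; otherwise verification still fails.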
