Hi, oVirt 4.3.5 changed certificate to one from an official CA configured active directory auth no kerberos / no ldapS as per: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/htm... ANSIBLE_JINJA2_EXTENSIONS="jinja2.ext.do" ./configure_ovirt_machines_for_metrics.sh --playbook=ovirt-metrics-store-installation.yml --ask-vault-pass -vvvv During installation of the metrics store following error appears: TASK [oVirt.image-template : Login to oVirt] ********************************************************************************************************* task path: /usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml:41 <localhost> ESTABLISH LOCAL CONNECTION FOR USER: root <localhost> EXEC /bin/sh -c 'echo ~root && sleep 0' <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944 `" && echo ansible-tmp-1571121133.7-63276692983944="` echo /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944 `" ) && sleep 0' Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/ovirt/ovirt_auth.py <localhost> PUT /root/.ansible/tmp/ansible-local-32046wbKds4/tmpyM5Ro2 TO /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/AnsiballZ_ovirt_auth.py <localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/ /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/AnsiballZ_ovirt_auth.py && sleep 0' <localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/AnsiballZ_ovirt_auth.py && sleep 0' <localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/ > /dev/null 2>&1 && sleep 0' The full traceback is: Traceback (most recent call last): File "/tmp/ansible_ovirt_auth_payload_2cmBY9/__main__.py", line 276, in main token = connection.authenticate() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 382, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 628, in _get_access_token sso_error[1] AuthError: Error during SSO authentication access_denied : Cannot authenticate user 'xxx@xxxx.LOCAL': No valid profile found in credentials.. fatal: [localhost]: FAILED! => { "changed": false, "invocation": { "module_args": { "ca_file": "/etc/pki/ovirt-engine/apache-ca.pem", "compress": true, "headers": null, "hostname": "ovirt-poc.xxxx.at", "insecure": false, "kerberos": false, "ovirt_auth": null, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "state": "present", "timeout": 0, "token": null, "url": "https://ovirt-poc.xxxx.at/ovirt-engine/api", "username": "xxx@xxx.LOCAL" } }, "msg": "Error during SSO authentication access_denied : Cannot authenticate user 'xxx@xxx.LOCAL': No valid profile found in credentials.." } TASK [oVirt.image-template : Remove downloaded image] ************************************************************************************************ task path: /usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml:210 skipping: [localhost] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [oVirt.image-template : Remove vm] ************************************************************************************************************** task path: /usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml:216 fatal: [localhost]: FAILED! => { "msg": "The conditional check 'ovirt_templates | length == 0' failed. The error was: error while evaluating conditional (ovirt_templates | length == 0): 'ovirt_templates' is undefined\n\nThe error appears to be in '/usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml': line 216, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Remove vm\n ^ here\n" } ############################################### Double-checked the credentials in "metrics-store-config.yml" and "secure_vars.yaml" and tried with admin@internal with same error. Any hints on this?