627 shaares
Sur les distribs disposant de python < 2.7.9 (ubuntu 14.04 par exemple), les modules ansible apt_key et apt_repository ne gèrent pas les urls en HTTPS.
example:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for packages.elastic.co:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine (the python executable used (/usr/bin/python) is version: 2.7.6 (default, Nov 13 2018, 12:45:42) [GCC 4.8.4]) or you can install the `urllib3`, `pyOpenSSL`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: hostname 'packages.elastic.co' doesn't match 'e.sni.fastly.net'."}
Il est nécessaire d'installer les packages python-urllib3
, python-openssl
, python-pyasn1
, python-pip
et pip ndg-httpsclient
pour que cela soit fonctionnel.
example:
- name: Debian - ensure python-urllib3, python-openssl, python-pyasn1 & python-pip are installed
apt:
name: python-urllib3,python-openssl,python-pyasn1,python-pip
state: present
when: ansible_distribution_release == "trusty"
- name: Debian - ensure ndg-httpsclient pip is installed
pip:
name: ndg-httpsclient
state: present
when: ansible_distribution_release == "trusty"