Getting SSL Handshake Error while running my ansible-playbook

0
votes

When I'm trying to run my playbook I'm getting an error which I believe is related to some sort of SSL certificate validation, but I'm not sure of the actual reason for it.

I tried a lot of configuration but the one's that I believe worked for me are as below:

Troubleshooting Steps:

  1. Add pip global trust profile under $HOME/.config/pip/pip.conf and copy below content:

    [global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

  2. pip install --upgrade pip. This was although not a necessary step but as nothing was working I tried it.

  3. pip install pyopenssl. This step actually resolved my issue as my ansible playbook was constantly throwing error of SSL Handshake and certificate verify failed.

    fatal: [localhost]: FAILED! => { "changed": false, "module_stderr": "From cffi callback :\nTraceback (most recent call last):\n File \"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 309, in wrapper\n _lib.X509_up_ref(x509)\nAttributeError: 'module' object has no attribute 'X509_up_ref'\nTraceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-tmp-1550051069.59- 120598072724498/AnsiballZ_azure_rm_virtualnetwork.py\", line 113, in \n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-tmp- 1550051069.59-120598072724498/AnsiballZ_azure_rm_virtualnetwork.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-tmp-1550051069.59- 120598072724498/AnsiballZ_azure_rm_virtualnetwork.py\", line 48, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n
    File \"/tmp/ansible_azure_rm_virtualnetwork_payload_TxAf7f/main.py\", line 349, in \n File \"/tmp/ansible_azure_rm_virtualnetwork_payload_TxAf7f/main.py\", line 345, in main\n File \"/tmp/ansible_azure_rm_virtualnetwork_payload_TxAf7f/main.py\", line 201, in init\n File mp/ansible_azure_rm_virtualnetwork_payload_TxAf7f/ansible_azure_rm_virtua lnetwork_payload.zip/ansible/module_utils/azure_rm_common.py\", line 301, in init\n File

    lnetwork_payload.zip/ansible/module_utils/azure_rm_common.py\", line 1021, in init\n File \"/usr/lib/python2.7/site- packages/msrestazure/azure_active_directory.py\", line 453, in init\n
    self.set_token()\n File \"/usr/lib/python2.7/site- packages/msrestazure/azure_active_directory.py\", line 480, in set_token\n raise_with_traceback(AuthenticationError, \"\", err)\n
    File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\", line 48, in raise_with_traceback\n raise error\nmsrest.exceptions.AuthenticationError: , SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /1564e0a7-162f-4a3c-b5f3- 837525c8ad64/oauth2/token (Caused by SSLError(SSLError(\"bad handshake:`

    Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }

If anyone could explain what exactly the cause of this error is, it would be so helpful to me to know what are the basic things required while working with some modules.

Thanks!!

1
azurepipansible

1 Answers

0
votes

Python or Ansible communicates using SSL so openssl is a binary through which SSL is validated in python.

Apart from ansible execution if you try to install any packages using python it will throw an error if openssl is not installed and also it depends on the pip and python version as well