[ansible-project] SSL/Certificate Errors when running playbooks against Azure
Hello,
So I have an Azure free trial subscription and am trying to deploy VMs for
it through ansible. For reference, I mostly followed this
guide: https://github.com/erjosito/ansible-azure-lab
I am unable to execute any playbook task at all, even something as simple
as merely creating a resource group with a network. Here is the error I
always get:
fatal: [192.168.0.177]: FAILED! => {"changed": false, "failed": true,
"module_stderr": "From cffi callback :\nTraceback (most recent call last):\n File
\"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 313, in
wrapper\n_lib.X509_up_ref(x509)\nAttributeError: 'module' object has no
attribute 'X509_up_ref'\nTraceback (most recent call last):\n File
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line
354, in \nmain()\n File
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line
351, in main\nAzureRMVirtualNetwork()\n File
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line
206, in __init__\nsupports_check_mode=True)\n File
\"/tmp/ansible_uaTUwO/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\",
line 235, in __init__\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 440, in __init__\nself.set_token()\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 473, in set_token\nraise_with_traceback(AuthenticationError, \"\",
err)\n File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\",
line 48, in raise_with_traceback\nraise
error\nmsrest.exceptions.AuthenticationError: , SSLError:
HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max
retries exceeded with url: /*b4f64759-blah-blah*/oauth2/token (Caused by
SSLError(SSLError(\"bad handshake: Error([('SSL routines',
'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n",
"module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
I am able to connect to azure via the azure CLI create VMs and such through
a bash script, but I need to get this working with ansible.
My credentials file
[code]
subscription_id=5eff-blah-blah
client_id=83e09b01-blah-blah
secret=passwordblahblah
tenant=b4f64759-blah-blah
[/code]
Sample yml
[code]
- name: whatever
hosts: localhost
connection: local
tasks:
- name: Create virtual network
azure_rm_virtualnetwork:
resource_group: myResourceGroup
name: myVnet
address_prefixes: "10.10.0.0/16"
[/code]
I have even tried modifying my credentials file to include the azure AD
username & password (yes, I know this is considered bad practice, but I got
desperate) and it still fails with a certificate error:
[code]
ad_user=du...@dummy.com
password=DummyLab
subscription_id=5eff-blah-blah
[/code]
fatal: [192.168.0.177]: FAILED! => {"changed": false, "failed": true,
"module_stderr": "From cffi callback :\nTraceback (most recent call last):\n File
\"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 313, in
wrapper\n_lib.X509_up_ref(x509)\nAttributeError: 'module' object has no
attribute 'X509_up_ref'\nTraceback (most recent call last):\n File
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line
354, in \nmain()\n File
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line
351, in main\nAzureRMVirtualNetwork()\n File
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line
206, in __init__\nsupports_check_mode=True)\n File
\"/tmp/ansible_B6bKF3/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\",
line 245, in __init__\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 367, in __init__\nself.set_token()\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 404, in set_token\nraise_with_traceback(AuthenticationError, \"\",
err)\n File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\",
line 48, in raise_with_traceback\nraise
error\nmsrest.exceptions.AuthenticationError: , SSLError:
HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max
retries exceeded with url: /common/oauth2/token (Caused by
SSLError(SSLError(\"bad handshake: Error([('SSL routines',
'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n",
"module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/345e87d9-4799-4f26-9a43-865a5f4ca57b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] SSL/Certificate errors when running playbooks against Azure
Hello,
So I have an Azure free trial subscription and am trying to deploy VMs for
it through ansible. For reference, I mostly followed this guide:
https://github.com/erjosito/ansible-azure-lab
I am unable to execute any playbook task at all, even something as simple
as merely creating a resource group with a network. Here is the error I
always get:
fatal: [192.168.0.177]: FAILED! => {"changed": false, "failed": true,
"module_stderr": "From cffi callback :\nTraceback (most recent call last):\n File
\"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 313, in
wrapper\n_lib.X509_up_ref(x509)\nAttributeError: 'module' object has no
attribute 'X509_up_ref'\nTraceback (most recent call last):\n File
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line
354, in \nmain()\n File
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line
351, in main\nAzureRMVirtualNetwork()\n File
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line
206, in __init__\nsupports_check_mode=True)\n File
\"/tmp/ansible_uaTUwO/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\",
line 235, in __init__\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 440, in __init__\nself.set_token()\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 473, in set_token\nraise_with_traceback(AuthenticationError, \"\",
err)\n File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\",
line 48, in raise_with_traceback\nraise
error\nmsrest.exceptions.AuthenticationError: , SSLError:
HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max
retries exceeded with url: /*b4f64759-blah-blah*/oauth2/token (Caused by
SSLError(SSLError(\"bad handshake: Error([('SSL routines',
'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n",
"module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
I am able to connect to azure via the azure CLI create VMs and such through
a bash script, but I need to get this working with ansible.
My credentials file
subscription_id=5eff-blah-blah
client_id=83e09b01-blah-blah
secret=passwordblahblah
tenant=b4f64759-blah-blah
Sample yml
- name: whatever
hosts: localhost
connection: local
tasks:
- name: Create virtual network
azure_rm_virtualnetwork:
resource_group: myResourceGroup
name: myVnet
address_prefixes: "10.10.0.0/16"
I have even tried modifying my credentials file to include the azure AD
username & password (yes, I know this is considered bad practice, but I got
desperate) and it still fails with a certificate error:
ad_user=du...@dummy.com
password=DummyLab
subscription_id=5eff-blah-blah
fatal: [192.168.0.177]: FAILED! => {"changed": false, "failed": true,
"module_stderr": "From cffi callback :\nTraceback (most recent call last):\n File
\"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 313, in
wrapper\n_lib.X509_up_ref(x509)\nAttributeError: 'module' object has no
attribute 'X509_up_ref'\nTraceback (most recent call last):\n File
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line
354, in \nmain()\n File
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line
351, in main\nAzureRMVirtualNetwork()\n File
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line
206, in __init__\nsupports_check_mode=True)\n File
\"/tmp/ansible_B6bKF3/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\",
line 245, in __init__\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 367, in __init__\nself.set_token()\n File
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\",
line 404, in set_token\nraise_with_traceback(AuthenticationError, \"\",
err)\n File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\",
line 48, in raise_with_traceback\nraise
error\nmsrest.exceptions.AuthenticationError: , SSLError:
HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max
retries exceeded with url: /common/oauth2/token (Caused by
SSLError(SSLError(\"bad handshake: Error([('SSL routines',
'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n",
"module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/82a4476e-bf1b-426d-8cbf-fa0c0b1ff393%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
