Hi,
For some reason, ansible fails to install nodesource’s apt key on ubuntu/trusty. It seem to worked about a month ago or so (if I’m not mistaken).
playbook.yml:
- hosts: all
gather_facts: no
tasks:
- name: apt-get update
raw: '! which apt-get
&& exit 0
apt-get update’
- name: Install python
raw: '! which apt-get
&& exit 0
apt-get -y install python’
- hosts: all
tasks: - name: Add Nodesource apt key.
apt_key:
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
Output:
$ ansible-playbook playbook.yml -i lxc, -vv
…
TASK [Add Nodesource apt key.] *************************************************
task path: /home/yuri/_/deb.nodesource.com/playbook.yml:17
fatal: [lxc]: FAILED! => {“changed”: false, “failed”: true, “msg”: “Failed to validate the SSL certificate for deb.nodesource.com:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the urllib3, pyopenssl, ndg-httpsclient, and pyasn1 python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible”}
Can I somehow investigate what’s causing the issue? I indeed have python-2.7.6 there. Can I check if deb.nodesource.com is using SNI? Can this be an issue with trusty’s certificates? Which packages am I supposed to install? I can see python-urllib3, and python-pyasn1. But I can’t see ndg-httpsclient and pyopenssl for trusty in official repositories. Can I somehow get away with not installing these extra packages?
I’ve run into this issue when trying to use geerlingguy.nodejs role.
Thanks in advance.
Regards,
Yuri