Hi I am learning ansible now and I am trying install ansible roles , but I got SSL error message as below.
I am running linux in VM.
jkim3@jeff:~/ansible_test$ uname -a
Linux jeff 4.15.0-24-generic #26-Ubuntu SMP Wed Jun 13 08:44:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
jkim3@jeff:~/ansible_test$ ansible-galaxy install -r dellemc_roles.txt
[DEPRECATION WARNING]: going forward only the yaml format will be supported. This feature will be removed in version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
- downloading role ‘dellos-aaa’, owned by Dell-Networking
- downloading role from https://github.com/Dell-Networking/ansible-role-dellos-aaa/archive/v3.0.0.tar.gz
[ERROR]: failed to download the file: Failed to validate the SSL certificate for github.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm
the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg
was: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:726).
[WARNING]: - Dell-Networking.dellos-aaa was NOT installed successfully.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
Hi
The error already has some useful hints. Did you check those?
What happens if you manually try to retrieve that file using curl or wget?
If that also doesn't work, then you'd need to check what's going on
with your CAs.
It could also be that someone is intercepted traffic and
What ansible version are you using?
Dick
Thanks for your response , Dick
jkim3@jeff:~/ansible_test$ wget https://github.com/Dell-Networking/ansible-role-dellos-aaa/archive/v3.0.0.tar.gz
–2018-07-10 22:00:49-- https://github.com/Dell-Networking/ansible-role-dellos-aaa/archive/v3.0.0.tar.gz
Resolving github.com (github.com)… 192.30.255.113, 192.30.255.112
Connecting to github.com (github.com)|192.30.255.113|:443… connected.
OpenSSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Unable to establish SSL connection.
jkim3@jeff:~/ansible_test$ ansible --version
ansible 2.5.1
Thanks for your response , Dick
jkim3@jeff:~/ansible_test$ wget
https://github.com/Dell-Networking/ansible-role-dellos-aaa/archive/v3.0.0.tar.gz
--2018-07-10 22:00:49--
https://github.com/Dell-Networking/ansible-role-dellos-aaa/archive/v3.0.0.tar.gz
Resolving github.com (github.com)... 192.30.255.113, 192.30.255.112
Connecting to github.com (github.com)|192.30.255.113|:443... connected.
OpenSSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Unable to establish SSL connection.
This indicates a generic crypto problem on this host.
Try spinning up a new host. If you encounter the same problem there,
then this indicates some issue upstream.
Either way, it's not related to ansible.
So if you fix the crypto problem, your playbook will likely also start working.
Dick
Hi Dick ,
I found this error was caused by firewall blocking
Thanks a lot