I am trying to download a file from the repo to a server using
Ansible. This has been working fine on all the old machines, but on a
new machine, which has the same setup, it keeps giving me an SSL error.
My environment is as below:
Jenkins machine (that triggers the Ansible job)
$ ansible all -i inventory/localhost -c local -m setup -a 'filter=ansible_python'
localhost | SUCCESS => {
"ansible_facts": {
"ansible_python": {
"executable": "/usr/bin/python",
"has_sslcontext": true,
"type": "CPython",
"version": {
"major": 2,
"micro": 9,
"minor": 7,
"releaselevel": "final",
"serial": 0
},
"version_info": [
2,
7,
9,
"final",
0
]
}
},
"changed": false
}
$ ansible all -i inventory/localhost -c local -m uri -a url=https://devops.rightleads.io/
localhost | SUCCESS => {
"accept_ranges": "bytes",
"changed": false,
"connection": "close",
"content_length": "10701",
"content_type": "text/html",
"date": "Mon, 19 Feb 2018 11:33:15 GMT",
"etag": "\"29cd-54815428d497e\"",
"last_modified": "Thu, 09 Feb 2017 09:03:51 GMT",
"msg": "OK (10701 bytes)",
"redirected": false,
"server": "Apache/2.4.10 (Debian)",
"status": 200,
"url": "https://devops.rightleads.io/",
"vary": "Accept-Encoding"
}
Dev machine
$ ansible tag_web -i inventory/gce.py -u admin --private-key=projectkey -m setup -a 'filter=ansible_python' --limit tag_dev
dev-web | SUCCESS => {
"ansible_facts": {
"ansible_python": {
"executable": "/usr/bin/python",
"has_sslcontext": true,
"type": "CPython",
"version": {
"major": 2,
"micro": 13,
"minor": 7,
"releaselevel": "final",
"serial": 0
},
"version_info": [
2,
7,
13,
"final",
0
]
}
},
"changed": false
}
$ ansible tag_web -i inventory/gce.py -u admin --private-key=projectkey -m uri -a url=https://devops.rightleads.io/ --limit tag_dev
dev-web | SUCCESS => {
"accept_ranges": "bytes",
"changed": false,
"connection": "close",
"content_length": "10701",
"content_type": "text/html",
"date": "Mon, 19 Feb 2018 11:35:00 GMT",
"etag": "\"29cd-54815428d497e\"",
"last_modified": "Thu, 09 Feb 2017 09:03:51 GMT",
"msg": "OK (10701 bytes)",
"redirected": false,
"server": "Apache/2.4.10 (Debian)",
"status": 200,
"url": "https://devops.rightleads.io/",
"vary": "Accept-Encoding"
}
$ ansible tag_web -i inventory/gce.py --user admin --private-key=projectkey --limit=tag_dev --sudo -m get_url -a "url=https://devops.rightleads.io/repo/webapi/webapi_demo_4.tar dest=/tmp/webapi.tar force=yes" -vvv
dev-web | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "d14de4a99dd20c5128fd78ddbf6c70801057d4a3",
"dest": "/tmp/webapi.tar",
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": false,
"checksum": "",
"content": null,
"delimiter": null,
"dest": "/tmp/webapi.tar",
"directory_mode": null,
"follow": false,
"force": true,
"force_basic_auth": false,
"group": null,
"headers": null,
"http_agent": "ansible-httpget",
"mode": null,
"owner": null,
"path": "/tmp/webapi.tar",
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"sha256sum": "",
"src": null,
"timeout": 10,
"tmp_dest": "",
"unsafe_writes": null,
"url": "https://devops.rightleads.io/repo/webapi/webapi_demo_4.tar",
"url_password": "xxx",
"url_username": "yyy",
"use_proxy": true,
"validate_certs": true
},
"module_name": "get_url"
},
"md5sum": "96166c42eb5a47766dc5e02a2590829f",
"mode": "0644",
"msg": "OK (136683520 bytes)",
"owner": "root",
"size": 136683520,
"src": "/tmp/tmpJgzn5R",
"state": "file",
"uid": 0,
"url": "https://devops.rightleads.io/repo/webapi/webapi_demo_4.tar"
}
$ python -V
Python 2.7.13
$ ls -l /etc/ssl/certs/DST_Root_CA_X3.pem
lrwxrwxrwx 1 root root 53 Dec 14 00:19
/etc/ssl/certs/DST_Root_CA_X3.pem ->
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
$ echo quit | openssl s_client -connect devops.rightleads.io:443 | head
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = devops.rightleads.io
verify return:1
CONNECTED(00000003)