Hello everyone,
I was wondering if someone could point me in the right direction to solve the problem I am facing when trying to run a template (job), and I hope this is the place to ask, sorry if not.
It errors, saying: “SCM Update failed for project_name with ID #IDNUM#”, the SCM update function works from the “Projects” menu, and I even ran it through the docker exec command (“sudo docker exec -t -i awx_task ansible-galaxy install -r /tmp/req.yml -p /var/lib/awx/projects/_6__ansible_tools/roles/ --force”), and it does run correctly (I recreated the requirements.yml inside the tmp directory).
But when I check through the api (/api/v1/project_updates/#IDNUM#/) it spits an error when tring to do the first requirement with an SSL error:
[ERROR]: failed to download the file: Failed to validate the SSL certificate for github.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs,
/usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: (“bad handshake: Error([(‘SSL routines’,‘ssl3_read_bytes’,‘tlsv1 alert protocol version’)],)”,).
[WARNING]: - geerlingguy.repo-epel was NOT installed successfully.
I tried changing the requirement file, to see if that specific role was the problem, but the error persists.
I did come across some github issues where they suggest it’s an OpenSSL error, but i did run the tests they suggest and the come good (https://github.com/ansible/ansible/issues/33417).
$ python --version; python -c "import ssl; print ssl.OPENSSL_V ERSION": Python 2.7.5 OpenSSL 1.0.1e-fips 11 Feb 2013
$ openssl s_client -connect github.com:443 [...] SSL handshake has read 3637 bytes and written 415 bytes [...]
I am running it through docker, so I have the memcached, rabbitmq, postgresql, awx_web and awx_task, tried rebooting the whole VM, the containters, flushing the memcache and yet there is no positive result.
`
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c725294c98fe postgres:9.6 “docker-entrypoint…” 2 months ago Up 2 hours 5432/tcp postgres
1f4f020d6a19 ansible/awx_task:latest “/tini – /bin/sh …” 3 months ago Up 2 hours 8052/tcp awx_task
cf752fe580d8 ansible/awx_web:latest “/tini – /bin/sh …” 3 months ago Up 2 hours 0.0.0.0:80->8052/tcp awx_web
0184fedd2331 memcached:alpine “docker-entrypoint…” 3 months ago Up 2 hours 11211/tcp memcached
4c44546521e7 rabbitmq:3 “docker-entrypoint…” 3 months ago Up 2 hours 4369/tcp, 5671-5672/tcp, 25672/tcp rabbitmq
`
$ ansible --version: ansible 2.4.1.0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Used this playbook to install it: https://github.com/geerlingguy/awx-container but modified it, so that the postgresql database wasn’t set to the tmp folder.
This was working last week, and the error showed up on Friday, I reverted in time to a previous commit for the project, but that didn’t work.
And I am running out of ideas to what to try next, so if someone knows of any possible solution, please let me know.
Thanks in advance,
Best,
Oscar.