Ok. Here's something that works though it shouldn't be done as it's a
security risk.
So, if you're using the "ansible" command under MacOSX Yosemite, here's how
to get things to work:
1. Edit (or create) the
file /Library/Python/2.7/site-packages/sitecustomize.py
2. Add this code to the file:
import ssl
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
That's it. Works great now. Security risk, obviously, but I consider this a
temporary fix.
J
On Friday, October 16, 2015 at 10:37:07 AM UTC-5, Slim Slam wrote:
>
> There is quite a bit of noise about this issue under Ansible 1.94 and 2.00
> here:
>
> https://github.com/ansible/ansible/issues/10294
>
> But no resolution.
>
> J
>
> On Friday, October 16, 2015 at 10:05:47 AM UTC-5, J Hawkesworth wrote:
>>
>> My impression is this is because of the python version that you get with
>> recent OSX.
>>
>> If I recall it was python 2.7.9 that introduced the cert checking in
>> python.
>>
>> On Friday, October 16, 2015 at 3:59:23 PM UTC+1, Trond Hindenes wrote:
>>>
>>> As far as I can see this works differently when using OSX as a control
>>> node as opposed to Ubuntu, Centos or other Linux distros. I'm seeing a lot
>>> of these errors when Ansible is running from OSX. Not sure if pywinrm
>>> behaves differently on osx than on Linux?
>>>
>>> On Friday, October 16, 2015 at 4:48:06 PM UTC+2, Slim Slam wrote:
>>>>
>>>> I shortened the path to make the posting easier to read. The actual
>>>> path is something
>>>> much longer. :)
>>>>
>>>> Thanks for taking the time to look though.
>>>>
>>>> On Tue, Oct 13, 2015 at 7:45 AM, J Hawkesworth
>>>> <[email protected]> wrote:
>>>> > Just wondering if the callback plugin is actually getting loaded.
>>>> >
>>>> > You have
>>>> >
>>>> > callback_plugins = /callback_plugins/fix-ssl.py
>>>> >
>>>> >
>>>> > configured but that would be an unusual location if you intended an
>>>> absolute
>>>> > path. I think you need to configure a full path to the folder, not
>>>> the name
>>>> > of a file for callback_plugins if I recall.
>>>> >
>>>> > So something like
>>>> >
>>>> > callback_plugins = /usr/share/local/callback_plugins/
>>>> >
>>>> >
>>>> > (and obviously you'd need to put fix-ssl.py into
>>>> > /usr/share/local/callback_plugins). I'm not familiar with OSX paths
>>>> so
>>>> > /usr/share/local/callback_plugins is just intended to be an example
>>>> folder.
>>>> >
>>>> > Hope this helps,
>>>> >
>>>> > Jon
>>>> > On Monday, October 12, 2015 at 4:31:27 PM UTC+1, Slim Slam wrote:
>>>> >>
>>>> >> Has anyone gotten Ansible 1.9.4 to work with Windows Server using
>>>> the
>>>> >> "ansible" (not ansible-playbook) command?
>>>> >>
>>>> >> J
>>>> >>
>>>> >> On Sunday, October 11, 2015 at 12:21:05 AM UTC-5, Slim Slam wrote:
>>>> >>>
>>>> >>>
>>>> >>> Using Ansible 1.9.4 and Python 2.7.10 on MacOSX 10.10.5
>>>> >>>
>>>> >>> When attempting:
>>>> >>>
>>>> >>> env ANSIBLE_LOAD_CALLBACK_PLUGINS=1 ansible winserv -i
>>>> ../windows_servers
>>>> >>> -m win_ping
>>>> >>>
>>>> >>> I get:
>>>> >>>
>>>> >>> 54.68.166.123 | FAILED => 500 WinRMTransport. [SSL:
>>>> >>> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
>>>> >>>
>>>> >>> As suggested in previous postings, I have a file named fix-ssl.py
>>>> in my
>>>> >>> callback_plugins folder:
>>>> >>>
>>>> >>> import ssl
>>>> >>> if hasattr(ssl, '_create_default_https_context') and hasattr(ssl,
>>>> >>> '_create_unverified_context'):
>>>> >>> ssl._create_default_https_context =
>>>> ssl._create_unverified_context
>>>> >>>
>>>> >>> class CallbackModule(object):
>>>> >>> pass
>>>> >>>
>>>> >>> And in my ansible.cfg file, I have:
>>>> >>>
>>>> >>> bin_ansible_callbacks=True
>>>> >>> callback_plugins = /callback_plugins/fix-ssl.py
>>>> >>>
>>>> >>> How can I get this to work?
>>>> >>>
>>>> > --
>>>> > You received this message because you are subscribed to a topic in
>>>> the
>>>> > Google Groups "Ansible Project" group.
>>>> > To unsubscribe from this topic, visit
>>>> >
>>>> https://groups.google.com/d/topic/ansible-project/PNzzvbeT5hY/unsubscribe.
>>>>
>>>> > To unsubscribe from this group and all its topics, send an email to
>>>> > [email protected].
>>>> > To post to this group, send email to [email protected].
>>>> > To view this discussion on the web visit
>>>> >
>>>> https://groups.google.com/d/msgid/ansible-project/8f3c5530-2a88-400f-9e47-701fb1c20934%40googlegroups.com.
>>>>
>>>>
>>>> >
>>>> > For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ba604556-6ffb-4b78-a920-1a7fe7bbd503%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
