Hi,

For some reason, ansible fails to install nodesource's apt key on 
ubuntu/trusty. It seem to worked about a month ago or so (if I'm not 
mistaken).

playbook.yml:

    - hosts: all
      gather_facts: no

      tasks:
        - name: apt-get update
          raw: '! which apt-get
            && exit 0
            || apt-get update'

        - name: Install python
          raw: '! which apt-get
            && exit 0
            || apt-get -y install python'

    - hosts: all
      tasks:
        - name: Add Nodesource apt key.
          apt_key:
            url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key

Output:

    $ ansible-playbook playbook.yml -i lxc, -vv
    ...
    TASK [Add Nodesource apt key.] 
*************************************************
    task path: /home/yuri/_/deb.nodesource.com/playbook.yml:17
    fatal: [lxc]: FAILED! => {"changed": false, "failed": true, "msg": 
"Failed to validate the SSL certificate for deb.nodesource.com:443. Make 
sure your managed systems have a valid CA certificate installed. If the 
website serving the url uses SNI you need python >= 2.7.9 on your managed 
machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, 
and `pyasn1` python modules to perform SNI verification in python >= 2.6. 
You can use validate_certs=False if you do not need to confirm the servers 
identity but this is unsafe and not recommended. Paths checked for this 
platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, 
/etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}

Can I somehow investigate what's causing the issue? I indeed have 
python-2.7.6 there. Can I check if deb.nodesource.com is using SNI? Can 
this be an issue with trusty's certificates? Which packages am I supposed 
to install? I can see python-urllib3, and python-pyasn1. But I can't see 
ndg-httpsclient and pyopenssl for trusty in official repositories. Can I 
somehow get away with not installing these extra packages?

I've run into this issue when trying to use geerlingguy.nodejs role.

Thanks in advance.

Regards,
Yuri

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cc68327a-f116-49da-8d13-7c007fc569dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to