>
> The easy solution may just be updating your cacert bundle by updating the
> ca-certificates package and then trying again.
>
Adding
- name: Update ca-certificates
apt:
name: ca-certificates
state: latest
before installing apt key didn't help.
> My initial look indicates that the server is not using SNI, it has a
> wildcard cert, provided by Amazon.
>
Following this answer on serverfault.com:
http://serverfault.com/a/780388/162443
I get:
$ dig +noall +answer deb.nodesource.com
deb.nodesource.com. 300 IN CNAME
d2buw04m05mirl.cloudfront.net.
d2buw04m05mirl.cloudfront.net. 60 IN A 54.230.230.81
...
$ openssl s_client -servername deb.nodesource.com -tlsextdebug -connect
d2buw04m05mirl.cloudfront.net:443 2>/dev/null | grep "server name"
TLS server extension "server name" (id=0), len=0
Which most likely means, that the server uses SNI.
Here's what I came up with:
- hosts: all
tasks:
- name: Install apt_key dependencies
apt:
name: '{{ item }}'
with_items: [python-urllib3, python-openssl, python-pyasn1,
python-pip]
when: ansible_distribution == 'Ubuntu' or
ansible_distribution_release == 'trusty'
- name: Install apt_key dependencies
command: pip install ndg-httpsclient
when: ansible_distribution == 'Ubuntu' or
ansible_distribution_release == 'trusty'
After this apt key gets installed.
Regards,
Yuri
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f4bbc884-5c3d-4ef2-9d85-13e1db01c5e0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
