[ansible-project] SSL/Certificate Errors when running playbooks against Azure

[JOS]

Hello,

So I have an Azure free trial subscription and am trying to deploy VMs for 
it through ansible.  For reference, I mostly followed this 
guide: https://github.com/erjosito/ansible-azure-lab

I am unable to execute any playbook task at all, even something as simple 
as merely creating a resource group with a network.  Here is the error I 
always get:

fatal: [192.168.0.177]: FAILED! => {"changed": false, "failed": true, 
"module_stderr": "From cffi callback <function _verify_callback at 
0x318b9b0>:\nTraceback (most recent call last):\n  File 
\"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 313, in 
wrapper\n    _lib.X509_up_ref(x509)\nAttributeError: 'module' object has no 
attribute 'X509_up_ref'\nTraceback (most recent call last):\n  File 
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line 
354, in <module>\n    main()\n  File 
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line 
351, in main\n    AzureRMVirtualNetwork()\n  File 
\"/tmp/ansible_uaTUwO/ansible_module_azure_rm_virtualnetwork.py\", line 
206, in __init__\n    supports_check_mode=True)\n  File 
\"/tmp/ansible_uaTUwO/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\",
 
line 235, in __init__\n  File 
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", 
line 440, in __init__\n    self.set_token()\n  File 
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", 
line 473, in set_token\n    raise_with_traceback(AuthenticationError, \"\", 
err)\n  File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\", 
line 48, in raise_with_traceback\n    raise 
error\nmsrest.exceptions.AuthenticationError: , SSLError: 
HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max 
retries exceeded with url: /*b4f64759-blah-blah*/oauth2/token (Caused by 
SSLError(SSLError(\"bad handshake: Error([('SSL routines', 
'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n", 
"module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}


I am able to connect to azure via the azure CLI create VMs and such through 
a bash script, but I need to get this working with ansible.


My credentials file
[code]
subscription_id=5eff-blah-blah
client_id=83e09b01-blah-blah
secret=passwordblahblah
tenant=b4f64759-blah-blah
[/code]


Sample yml

[code] 
- name: whatever
  hosts: localhost
  connection: local

  tasks:
  - name: Create virtual network
    azure_rm_virtualnetwork:
      resource_group: myResourceGroup
      name: myVnet
      address_prefixes: "10.10.0.0/16"

[/code]

I have even tried modifying my credentials file to include the azure AD 
username & password (yes, I know this is considered bad practice, but I got 
desperate) and it still fails with a certificate error:

[code]
ad_user=du...@dummy.com
password=DummyLab
subscription_id=5eff-blah-blah
[/code]

fatal: [192.168.0.177]: FAILED! => {"changed": false, "failed": true, 
"module_stderr": "From cffi callback <function _verify_callback at 
0x30f3938>:\nTraceback (most recent call last):\n  File 
\"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 313, in 
wrapper\n    _lib.X509_up_ref(x509)\nAttributeError: 'module' object has no 
attribute 'X509_up_ref'\nTraceback (most recent call last):\n  File 
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line 
354, in <module>\n    main()\n  File 
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line 
351, in main\n    AzureRMVirtualNetwork()\n  File 
\"/tmp/ansible_B6bKF3/ansible_module_azure_rm_virtualnetwork.py\", line 
206, in __init__\n    supports_check_mode=True)\n  File 
\"/tmp/ansible_B6bKF3/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\",
 
line 245, in __init__\n  File 
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", 
line 367, in __init__\n    self.set_token()\n  File 
\"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", 
line 404, in set_token\n    raise_with_traceback(AuthenticationError, \"\", 
err)\n  File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\", 
line 48, in raise_with_traceback\n    raise 
error\nmsrest.exceptions.AuthenticationError: , SSLError: 
HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max 
retries exceeded with url: /common/oauth2/token (Caused by 
SSLError(SSLError(\"bad handshake: Error([('SSL routines', 
'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n", 
"module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/345e87d9-4799-4f26-9a43-865a5f4ca57b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.