Failed to validate the SSL certificate

AAROC / e-Research-Hackfest-prep

The repository for the organising team of an e-Research Hackfest

Apache License 2.0

0 stars 5 forks source link

Failed to validate the SSL certificate #85

Closed mtorrisi closed 7 years ago

mtorrisi commented 7 years ago

I'm getting the following now: TASK [Announce the setup] ****************************************************** fatal: [sgw-dev.sci-gaia.eu]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for scigaia:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}

using: ansible-playbook development-environment.yml -i addis.ini --extra-vars "site_name=addis-hackfest slack_token=1234"

Maybe a problem related to the token used to notify slack channel

brucellino commented 7 years ago

this is due to ssl validation failure. Can you add ca-certificates to the prerequisites on the managed node, and try again - that might fix it.

mtorrisi commented 7 years ago

it doesn't seem work... I added

managed_prerequisites:
 - python2.7
 - python-simplejson
 - ca-certificates

but...

changed: [sgw-dev.sci-gaia.eu] => (item=python2.7)
changed: [sgw-dev.sci-gaia.eu] => (item=python-simplejson)
changed: [sgw-dev.sci-gaia.eu] => (item=ca-certificates)

TASK [Announce the setup] ******************************************************
fatal: [sgw-dev.sci-gaia.eu]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for scigaia:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}

brucellino commented 7 years ago

@mtorrisi the problem was using the wrong slack_token. By using -e slack_token you're overwriting the one in passwords-{{ site_name }}.yml.

The procedure for creating the slack token and adding it to the vault should be described though, not your fault :) Closing this in the meantime.