ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] with community.general.redfish_info module #8555

Closed fzakfeld closed 1 week ago

fzakfeld commented 1 week ago

Summary

The community.general.redfish_info module, commonly used to control BMCs that don't support the latest TLS ciphers, will throw this error:

localhost | FAILED! => {
    "changed": false,
    "msg": "URL Error on GET request to 'https://hostname/redfish/v1/': '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'"
}

The same issue happens with get_url and uri, but can be solved by adding the ciphers: "AES256-SHA" option.

Issue Type

Bug Report

Component Name

redfish_info

Ansible Version

$ ansible --version
ansible [core 2.17.1]
  config file = /Users/fzakfeld/src/scaleup-ansible/ansible.cfg
  configured module search path = ['/Users/fzakfeld/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/fzakfeld/.su-ansible-pyenv/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/fzakfeld/.ansible/collections:/usr/share/ansible/collections:/etc/ansible/collections
  executable location = /Users/fzakfeld/.su-ansible-pyenv/bin/ansible
  python version = 3.10.0 (default, May 24 2022, 11:57:56) [Clang 13.0.0 (clang-1300.0.27.3)] (/Users/fzakfeld/.su-ansible-pyenv/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general

# /Users/fzakfeld/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 3.5.0  

# /Users/fzakfeld/.su-ansible-pyenv/lib/python3.10/site-packages/ansible_collections
Collection        Version
----------------- -------

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Steps to Reproduce


- name: Get CPU inventory
  community.general.redfish_info:
    category: Systems
    command: GetCpuInventory
    baseuri: "hostname"
    username: "Administrator"
    password: "superuser"
  register: result

(use any host that uses older ciphers)

Expected Results

Expect the HTTPS request to happen

Actual Results

localhost | FAILED! => {
    "changed": false,
    "msg": "URL Error on GET request to 'https://hostname/redfish/v1/': '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'"
}


fzakfeld commented 1 week ago

I see this has been fixed with https://github.com/ansible-collections/community.general/issues/8533
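
Added example (not part of the issue thread or the collection's code): a Python probe that attempts the handshake against a BMC once with the interpreter's default cipher list and once restricted to the AES256-SHA string quoted above, to confirm that cipher selection is what produces SSLV3_ALERT_HANDSHAKE_FAILURE. The function names are hypothetical, and certificate verification is disabled in the probe on the assumption that the BMC presents a self-signed certificate.

```python
import socket
import ssl
import sys

LEGACY_CIPHER = "AES256-SHA"  # OpenSSL cipher string quoted in the issue

def make_context(ciphers=None):
    """Client context; ciphers=None keeps the interpreter's default list."""
    ctx = ssl.create_default_context()
    # Assumption: the BMC has a self-signed certificate. The probe only looks
    # at cipher negotiation, so verification is disabled here and nowhere else.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if ciphers:
        ctx.set_ciphers(ciphers)  # raises ssl.SSLError if OpenSSL lacks it
    return ctx

def offered(ctx):
    """Names of the cipher suites enabled on this context."""
    return {c["name"] for c in ctx.get_ciphers()}

def probe(host, port=443, ciphers=None, timeout=5.0):
    """Attempt one TLS handshake; return (ok, detail)."""
    ctx = make_context(ciphers)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, version, _bits = tls.cipher()
                return True, f"{version} {name}"
    except ssl.SSLError as exc:  # must precede OSError (it is a subclass)
        return False, exc.reason or str(exc)
    except OSError as exc:
        return False, f"connect failed: {exc}"

def diagnose(host, port=443):
    """Compare the default cipher list with the legacy-only list."""
    return {
        "legacy_in_default": LEGACY_CIPHER in offered(make_context()),
        "default": probe(host, port),
        "legacy": probe(host, port, LEGACY_CIPHER),
    }

if __name__ == "__main__" and len(sys.argv) > 1:
    for key, value in diagnose(sys.argv[1]).items():
        print(f"{key}: {value}")
```

AES256-SHA uses RSA key exchange without forward secrecy, so apply a cipher override only to the tasks that talk to the affected BMCs rather than globally.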