Error when retrieving apt key on Ubuntu 14.04

[mklatsky]

On Ubuntu 14.04 machines, when I run 'ansible-playbook playbook.yml', I receive the following error:

fatal: [xxx.yyy.zzz.aaa]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for sks-keyservers.net:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the urllib3, pyopenssl, ndg-httpsclient, and pyasn1 python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}

[atosatto]

Dear Michael,

thank you for reporting this issue. I'll investigate it and provide a fix ASAP. :)

Andrea Tosatto

On Oct 4, 2016 6:52 PM, "Michael Klatsky" notifications@github.com wrote:

On Ubuntu 14.04 machines, when I run 'ansible-playbook playbook.yml', I receive the following error:

fatal: [xxx.yyy.zzz.aaa]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for sks-keyservers.net:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the urllib3, pyopenssl, ndg-httpsclient, and pyasn1 python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/atosatto/ansible-dockerswarm/issues/6, or mute the thread https://github.com/notifications/unsubscribe-auth/AA1LhgkUEcPxD6bcz-7kVJXLrcdkFRVPks5qwoRXgaJpZM4KN6NT .

[atosatto]

Hi @mklatsky.

I've started working on this issue on #7. Right now the issue should be fixed. Before merging it into master I have to fix a small regression with Ubuntu 16.04.

Could you give it a try to give me some feedbacks?

[mklatsky]

When I used the updated version, I was able to successfully created a docker swarm cluster without error. Thank you!

Let me know if there is additional information you require.

[Mehonoshin]

Hello! I'm having the same issue

[atosatto]

Hi @Mehonoshin. I'm currently working to fix this problem on PR #7. The fix for Ubuntu 14.04 should be done. Before merging into master I would like to implement some checks to skip the "Install the Python SNI support packages" on Ubuntu 16.04.

[Mehonoshin]

@atosatto great! Meanwhile I'll test your branch on my environment

[atosatto]

@Mehonoshin awesome! :) Keep my posted with the result of your tests.

[atosatto]

I've just updated the f-issue6branch to e50158f. @mklatsky and/or @Mehonoshin could you please give it one more run to be sure that everything is still working?

Thank you :punch:

[Mehonoshin]

@atosatto I've tested role on two Ubuntu trusty VMs inside vagrant. Everything looks good for me! BTW, I've faced with an issue, that is not related to current bug. So I've made a separate pull request. Check it out.

[atosatto]

Thank you very much for your support. I've now released version 1.3.0 containing this fix for Ubuntu 14.04.