search

bgruening / docker-galaxy

:whale::bar_chart::books: Docker Images tracking the stable Galaxy releases.
http://bgruening.github.io/docker-galaxy
MIT License
226 stars 134 forks source link

Can't build image with support for IE: Failed to validate the SSL certificate #459

Closed ilveroluca closed 6 years ago

ilveroluca commented 6 years ago

The Ansible task that verifies whether the system supports interactive environments fails seemingly because of outdated certificates:

TASK [galaxyprojectdotorg.galaxyextras : Check if the Ubuntu distro is supported] ***
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for deb.nodesource.com:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine  (the python executable used (/usr/bin/python) is version: 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]) or you can install the `urllib3`, `pyOpenSSL`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure."}
        to retry, use: --limit @/ansible/provision.retry

The task failing should be this one:

https://github.com/galaxyproject/ansible-galaxy-extras/blob/fe5ba3e5f8f2daa217b460f17d0469fac555d72c/tasks/ie_proxy.yml#L2

ilveroluca commented 6 years ago

A PR has been submitted to ansible-galaxy-extras which solves this issue:

https://github.com/galaxyproject/ansible-galaxy-extras/pull/219

bgruening commented 6 years ago

@ilveroluca is this on the dev version? Or also on stable? If dev, or the new 18.09 version, please commit into this branch https://github.com/galaxyproject/ansible-galaxy-extras/tree/18.09 ... I will use this one as long as we get the Docker to build for 18.09.

Thanks!

ilveroluca commented 6 years ago

You mean the Galaxy version?
This emerged on a regular build of the PhenoMeNal images, which are using Galaxy 18.01. We're on @pcm32's 18.01-k8s branch of docker-galaxy-stable and of ansible-galaxy-extras, which are a little dated. In any case, the line of ansible code has been carried forward to the current ansible-galaxy-extras master, so any older base image might be susceptible.

bgruening commented 6 years ago

Yes, Galaxy version. But I see, 18.01 is older. I just merged your PR. Thanks a lot!