Incorrect version of cryptography used during pip install

[NewbZilla]

When I got to "Lab 4: Ansible dynamic inventory for Azure" I ran into an error running azure_rm.py

Error

[lab-user@ansibleMaster ~]$ python ./ansible/contrib/inventory/azure_rm.py --list
From cffi callback <function _verify_callback at 0x28a3c08>:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
    _lib.X509_up_ref(x509)
AttributeError: 'module' object has no attribute 'X509_up_ref'
, SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /f649c560-d5ad-47f8-9660-45061e79fa51/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

It would appear this issue has to do with 17.5.0 pyOpenSSL Release and a requirements.txt missing the version requirement on cryptography?

pyOpenSSL Release Information 17.5.0 (2017-11-30) Backward-incompatible changes: The minimum cryptography version is now 2.1.4.

[lab-user@ansibleMaster ~]$ pip show cryptography
Name: cryptography
Version: 1.7.2
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
Author-email: cryptography-dev@python.org
License: BSD or Apache License, Version 2.0
Location: /usr/lib64/python2.7/site-packages
Requires: idna, pyasn1, six, setuptools, enum34, ipaddress, cffi

Fix

[lab-user@ansibleMaster ~]$ sudo pip install cryptography==2.1.4
Collecting cryptography==2.1.4
  Downloading cryptography-2.1.4-cp27-cp27mu-manylinux1_x86_64.whl (2.2MB)
    100% |¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦| 2.2MB 544kB/s
Collecting cffi>=1.7; platform_python_implementation != "PyPy" (from cryptography==2.1.4)
  Downloading cffi-1.11.4-cp27-cp27mu-manylinux1_x86_64.whl (406kB)
    100% |¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦| 409kB 2.8MB/s
Requirement already satisfied: enum34; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography==2.1.4)
Collecting asn1crypto>=0.21.0 (from cryptography==2.1.4)
  Downloading asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)
    100% |¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦| 102kB 10.0MB/s
Requirement already satisfied: idna>=2.1 in /usr/lib/python2.7/site-packages (from cryptography==2.1.4)
Requirement already satisfied: six>=1.4.1 in /usr/lib/python2.7/site-packages (from cryptography==2.1.4)
Requirement already satisfied: ipaddress; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography==2.1.4)
Requirement already satisfied: pycparser in /usr/lib/python2.7/site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography==2.1.4)
Installing collected packages: cffi, asn1crypto, cryptography
  Found existing installation: cffi 1.6.0
    Uninstalling cffi-1.6.0:
      Successfully uninstalled cffi-1.6.0
  Found existing installation: cryptography 1.7.2
    Uninstalling cryptography-1.7.2:
      Successfully uninstalled cryptography-1.7.2
Successfully installed asn1crypto-0.24.0 cffi-1.11.4 cryptography-2.1.4

[kshitizsh12]

Try pip uninstall pyOpenSSL cryptography sudo pip install pyOpenSSL cryptography

shall fix the error.

[brootware]

Thanks much @kshitizsh12 ! For those of us facing the same issue of step 3 on lab 5.

ansible-playbook ~/ansible-azure-lab/new_vm_web.yml --extra-vars "vmname=<placeholder> resgrp=ansiblelab vnet=ansibleVnet subnet=ansibleSubnet" 
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [CREATE VM PLAYBOOK] ************************************************************************************************************************************************************************
TASK [debug] *************************************************************************************************************************************************************************************ok: [localhost] => {
    "msg": "Public DNS name <placeholder>.westeurope.cloudapp.azure.com resolved to IP NXDOMAIN. "
}

TASK [Create storage account] ********************************************************************************************************************************************************************fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "From cffi callback <function _verify_callback at 0x7f2d11ff0140>:\nTraceback (most recent call last):\n  File \"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 309, in wrapper\n    _lib.X509_up_ref(x509)\nAttributeError: 'module' object has no attribute 'X509_up_ref'\nTraceback (most recent call last):\n  File \"/tmp/ansible_rFL2nL/ansible_module_azure_rm_storageaccount.py\", line 456, in <module>\n    main()\n  File \"/tmp/ansible_rFL2nL/ansible_module_azure_rm_storageaccount.py\", line 453, in main\n    AzureRMStorageAccount()\n  File \"/tmp/ansible_rFL2nL/ansible_module_azure_rm_storageaccount.py\", line 195, in __init__\n    supports_check_mode=True)\n  File \"/tmp/ansible_rFL2nL/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\", line 348, in __init__\n  File \"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", line 453, in __init__\n    self.set_token()\n  File \"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", line 480, in set_token\n    raise_with_traceback(AuthenticationError, \"\", err)\n  File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\", line 48, in raise_with_traceback\n    raise error\nmsrest.exceptions.AuthenticationError: , SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /071cb4fe-bba9-430b-83be-b26821aebcaa/oauth2/token (Caused by SSLError(SSLError(\"bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
        to retry, use: --limit @/home/bruce/ansible-azure-lab/new_vm_web.retry

PLAY RECAP ***************************************************************************************************************************************************************************************localhost                  : ok=1    changed=0    unreachable=0    failed=1

[filebe777]

From cffi callback <function _verify_callback at 0x7f81c18556e0>: Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 309, in wrapper _lib.X509_up_ref(x509) AttributeError: 'module' object has no attribute 'X509_up_ref'

it did not work for me

[Roser1996]

From cffi callback <function _verify_callback at 0x7f81c18556e0>: Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 309, in wrapper _lib.X509_up_ref(x509) AttributeError: 'module' object has no attribute 'X509_up_ref'

it did not work for me

Hi filebe777, I got the same problem as you, did you fix that?

[hieonn]

Try pip uninstall pyOpenSSL cryptography sudo pip install pyOpenSSL cryptography

shall fix the error.

Thanks for your complete solution, and also there were couple of error messages for the symptom

1) (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

2) File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", in wrapper _lib.X509_up_ref(x509) AttributeError: 'module' object has no attribute 'X509_up_ref'

3) AttributeError: 'module' object has no attribute 'X509_up_ref'

Those come from the same reason and the solution can resolve.

or just pip uninstall pyOpenSSL resolves as well

[netoluizbezerra]

Try pip uninstall pyOpenSSL cryptography sudo pip install pyOpenSSL cryptography

shall fix the error.

It works

[shashank-saxena-guavus]

Try pip uninstall pyOpenSSL cryptography sudo pip install pyOpenSSL cryptography

shall fix the error.

worked , great solution thanks

[caruccio]

For CentOS victim^H^H^Husers, simply pip uninstall pyOpenSSL and yum install pyOpenSSL.