search

hashicorp / vagrant

Vagrant is a tool for building and distributing development environments.
https://www.vagrantup.com
Other
26.22k stars 4.43k forks source link

vagrant 2.1.4 fails to install pip SSLErrors. #10189

Closed mcc138 closed 6 years ago

mcc138 commented 6 years ago

vagrant provision fails to install pip

curl https://bootstrap.pypa.io/get-pip.py | sudo python

Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl

Vagrant version

Vagrant 2.1.4 VirtualBox-5.2-5.2.16_123759_el7-1.x86_64

Host operating system

Rhel 7.5 Linux jenkinsslave.swift 3.10.0-862.6.3.el7.x86_64 #1 SMP Fri Jun 15 17:57:37 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux

Guest operating system

This is the operating system you run in the virtual machine.

Vagrantfile

# hack to only run a subset of Ansible tasks:
ansible_tags=ENV['ANSIBLE_TAGS'] || 'all'
ansible_skip_tags=ENV['ANSIBLE_SKIP_TAGS'] || ''

# Set the mac address, used for Oracle Licensing
vmboxmacaddr=ENV['SWIFT_DEVEL_MAC'] || '0800276314d3'

# additional env vars to build base box:
swift_vagrant_dev_url=ENV['SWIFT_VAGRANT_DEV_URL'] || false
swift_vagrant_wms_dir=ENV['SWIFT_VAGRANT_WMS_DIR'] || "../../swift_wms_components/les"
swift_vagrant_vram=ENV['SWIFT_VAGRANT_VRAM'] || 16384
swift_requirements=ENV['SWIFT_REQUIREMENTS'] || "requirements_vagrant.yml"
swift_developer_mounts=ENV['SWIFT_DEVELOPER_MOUNTS'] || "false"
swift_vagrant_provider=ENV['SWIFT_VAGRANT_PROVIDER'] || "false"

# this is used to distinguish different vagrant setups for licensing and esb clients
swift_vagrant_hostuser=ENV['USERNAME'] || ENV['USER'] || ""

$rhel_provision_script = <<SCRIPT
set -x
echo provisioning host $(hostname -f)
http_proxy= https_proxy= subscription-manager register --force --org="KN" --activationkey="act-rhel7-vagrant-developer"
SCRIPT

Vagrant.require_version ">= 2.1.4"

# Default list of playbooks to play
playbooks = [ "playbook_jda.yml" ]

Vagrant.configure("2") do |config|

  # K+N network
  unless Vagrant.has_plugin?("vagrant-proxyconf")
    puts 'vagrant-proxyconf plugin required! To install simply do `vagrant plugin install vagrant-proxyconf`'
  #  abort
  end

  # basebox
  config.vm.box="swift-rhel-7.4"
  config.vm.box_url="https://jenkins-swift.int.kn/apps/vagrant/swift-rhel-7.4.json"
  config.vm.box_download_insecure=true

  # simplify a few things with insecure ssh keys, required to save new boxes
  # (cf. https://wiki.int.kn/display/SWIFT/Vagrant#Vagrant-Ad-hoc)
  config.ssh.insert_key=false

  if swift_vagrant_provider == "libvirt" then
    # libvirt config
    config.vm.provider :libvirt do |v|
      v.graphics_type = "spice"
      v.video_type = "qxl"
      v.memory = swift_vagrant_vram
      v.cpus   = 4
      config.vm.synced_folder ".", "/vagrant", nfs_udp: false
    end
    # end of swift_vagrant_provider == "libvirt"
  else
    # default config (virtualbox)
    config.vm.provider "virtualbox" do |v|
      v.memory = 12888
      v.cpus   = 1
      # modify default synced folder mount to allow _only_ user vagrant to access it
      # workaround for problems with mounts from Windows hosts and Ansible/SSH strict permission checking
      config.vm.synced_folder ".", "/vagrant", mount_options: ["dmode=700,fmode=600"]
    end
    # end of default config
  end

  config.proxy.http      = "http://forwarder.proxy.int.kn:8080"
  config.proxy.https     = "https://forwarder.proxy.int.kn:8080"
  config.proxy.no_proxy  = ".int.kn,.vagrant,localhost,127.0.0.1"
  config.yum_proxy.http  = false
  config.git_proxy.http  = false

  config.vm.define "appserver" do |node|
    # COMMON --------------------------------------
    node.vm.hostname = "appserver.vagrant"
    node.vm.network "private_network", ip: "192.168.56.113", mac: "#{vmboxmacaddr}"
    # Swift ports
    node.vm.network "forwarded_port", guest: 8010, host: 8010, auto_correct: true
    node.vm.network "forwarded_port", guest: 8011, host: 8011, auto_correct: true
    node.vm.network "forwarded_port", guest: 8012, host: 8012, auto_correct: true
    node.vm.network "forwarded_port", guest: 8015, host: 8015, auto_correct: true
    node.vm.network "forwarded_port", guest: 8017, host: 8017, auto_correct: true
    node.vm.network "forwarded_port", guest: 8018, host: 8018, auto_correct: true
    node.vm.network "forwarded_port", guest: 8019, host: 8019, auto_correct: true
    # Oracle access
    node.vm.network "forwarded_port", guest: 1521, host: 1521, auto_correct: true

    # COMMON --------------------------------------

    if swift_vagrant_dev_url then
      # Developer mode, only prepared appserver ---
      config.vm.box="swift-devinstall"
      config.vm.box_url=swift_vagrant_dev_url
      config.vm.boot_timeout=120

      node.vm.provider "virtualbox" do |v|
        v.memory = swift_vagrant_vram
        v.cpus   = 2
      end

      if swift_developer_mounts == "true" then
      # Only mount for Developers as this breaks the vagrant box.
          jdadst='/apps/jda/swiftapp/les'
          jdasrc=swift_vagrant_wms_dir
          # DO NOT MOUNT src and lib as this makes the vagrant box unusable
          devmnts = {
            jdasrc + "/src"     => jdadst + "/src",
            jdasrc + "/lib"     => jdadst + "/lib",
            jdasrc + "/kn"      => jdadst + "/kn",
            jdasrc + "/log"     => jdadst + "/log",
            jdasrc + "/hostout" => jdadst + "/hostout",
            jdasrc + "/hostin"  => jdadst + "/hostin",
            jdasrc + "/data/ws" => jdadst + "/data/ws"
          }

          if swift_vagrant_provider == "libvirt" then
            devmnts.each do |hkey, val|
              config.vm.synced_folder hkey, val, nfs_udp: false
            end
          else
            devmnts.each do |hkey, val|
              config.vm.synced_folder hkey, val, owner: "wmd", group: "wmd", mount_options: ["dmode=777,fmode=777"]
            end
          end
      end
      # end of SWIFT_VAGRANT_DEV mode -------------
    else
        # Ops and build mode, full setup ------------
        config.vm.provision "shell", name: "register_rhel", inline: $rhel_provision_script
        playbooks = [ "playbook_vagrant.yml", "playbook_jda.yml" ]
      # end of Ops and build mode -----------------
    end
    # COMMON --------------------------------------
    # get Vagrant SSH key
    config.vm.provision "shell",
                      name: "get vagrant key",
                      inline: "/bin/cp -f /root/.vagrant/sshkey /vagrant/.vagrant/sshkey"
    firsttime = true
    playbooks.each do |play|
        node.vm.provision :ansible_local do |ansible|
            ansible.playbook             = play
            ansible.verbose              = "vv"
            ansible.raw_arguments        = [ '--diff' ]
            ansible.limit                = "all"
            ansible.tags                 = ansible_tags
            ansible.skip_tags            = ansible_skip_tags
            ansible.inventory_path       = "vagrant/inventory/hosts"
            if firsttime then
                ansible.install          = true
                ansible.galaxy_role_file = swift_requirements
                ansible.install_mode     = "pip"
                ansible.version          = "2.6.2"
                firsttime                = false
            else
                ansible.install          = false
            end
            ansible.extra_vars = {
                swift_instance: "Local",
                swift_stage: "development",
                swift_vagrant_username: swift_vagrant_hostuser,
            }
        end
    end
  # COMMON --------------------------------------
  end

end

Debug output

00:04:35.776     appserver: Installing pip... (for Ansible installation)
00:04:54.769 The following SSH command responded with a non-zero exit status.
00:04:54.769 Vagrant assumes that this means the command failed!
00:04:54.769 
00:04:54.769 curl https://bootstrap.pypa.io/get-pip.py | sudo python
00:04:54.769 
00:04:54.769 Stdout from the command:
00:04:54.769 
00:04:54.769 Collecting pip
00:04:54.769 
00:04:54.769 
00:04:54.769 Stderr from the command:
00:04:54.769 
00:04:54.769   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
00:04:54.769                                  Dload  Upload   Total   Spent    Left  Speed
00:04:54.769 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0 1604k    0  5025    0     0   2360      0  0:11:35  0:00:02  0:11:33  2361
 12 1604k   12  207k    0     0  67825      0  0:00:24  0:00:03  0:00:21 67847
 33 1604k   33  543k    0     0   131k      0  0:00:12  0:00:04  0:00:08  131k
 66 1604k   66 1071k    0     0   208k      0  0:00:07  0:00:05  0:00:02  208k
 97 1604k   97 1567k    0     0   255k      0  0:00:06  0:00:06 --:--:--  313k
100 1604k  100 1604k    0     0   260k      0  0:00:06  0:00:06 --:--:--  396k
00:04:54.769   Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl
00:04:54.769   Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl
00:04:54.769   Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl
00:04:54.769   Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl
00:04:54.769   Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl
00:04:54.769 Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))

Expected behavior

Should have installed pip and ansible and run the playbook.

Actual behavior

Fails to install pip and aborts

Steps to reproduce

  1. We have a minimal base image - Redhat Linux Enterprise (licensed and updated)
  2. vagrant up --provision

References

chrisroberts commented 6 years ago

Hi there. Are you running this on a network that requires use of a proxy?

mcc138 commented 6 years ago

Hi, yes the proxy was causing the problem. We have a non-authenticating proxy for build purposes but it appears now to require authentication. We have changed to an alternate proxy and the seems to have fixed the problem. Regards Matt

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.