thefinn93 / ansible-letsencrypt

An ansible role to generate TLS certificates and get them signed by Let's Encrypt
GNU General Public License v3.0

import name _remove_dead_weakref after apt upgrade #76

Open thomasrebele opened 1 year ago

thomasrebele commented 1 year ago

I've executed an apt upgrade on a Debian 11.6 and now I get these error messages with a new ansible-letsencrypt role:

fatal: [**domain**]: FAILED! => {"changed": true, "cmd": ["/usr/local/share/letsencrypt/env/bin/letsencrypt", "-n", "--agree-tos", "--text", "-d", "**domain**", "-d", "www.**domain**", "--email", "**mail**", "--expand", "-a", "webroot", "--webroot-path", "/var/www/**path**/", "certonly"], "delta": "0:00:00.020913", "end": "2023-01-30 21:03:12.039327", "msg": "non-zero return code", "rc": 1, "start": "2023-01-30 21:03:12.018414", "stderr": "Traceback (most recent call last):\n  File \"/usr/local/share/letsencrypt/env/bin/letsencrypt\", line 7, in <module>\n    from certbot.main import main\n  File \"/usr/local/share/letsencrypt/env/local/lib/python2.7/site-packages/certbot/main.py\", line 4, in <module>\n    import logging.handlers\n  File \"/usr/lib/python2.7/logging/__init__.py\", line 26, in <module>\n    import sys, os, time, cStringIO, traceback, warnings, weakref, collections\n  File \"/usr/lib/python2.7/weakref.py\", line 14, in <module>\n    from _weakref import (\nImportError: cannot import name _remove_dead_weakref", "stderr_lines": ["Traceback (most recent call last):", "  File \"/usr/local/share/letsencrypt/env/bin/letsencrypt\", line 7, in <module>", "    from certbot.main import main", "  File \"/usr/local/share/letsencrypt/env/local/lib/python2.7/site-packages/certbot/main.py\", line 4, in <module>", "    import logging.handlers", "  File \"/usr/lib/python2.7/logging/__init__.py\", line 26, in <module>", "    import sys, os, time, cStringIO, traceback, warnings, weakref, collections", "  File \"/usr/lib/python2.7/weakref.py\", line 14, in <module>", "    from _weakref import (", "ImportError: cannot import name _remove_dead_weakref"], "stdout": "", "stdout_lines": []}
...ignoring

I've found several discussions (example) that recommend deleting the certbot-auto virtual environment to recreate it. Does the advice apply to this repo, too? If yes, how to do that? I've tried renaming /usr/local/share/letsencrypt/ to recreate it, but then ansible-letsencrypt complains that the directory has not been found.

thomasrebele commented 1 year ago

It seems that ansible-letsencrypt does not yet support Debian bullseye.

I've updated the buster block to add a condition for "bullseye" in tasks/main.yml:

  - name: install certbot (Debian stretch or buster)
    include: debian-stretch-buster.yml
    when: ansible_distribution == "Debian" and (ansible_distribution_release == "stretch" or ansible_distribution_release == "buster" or ansible_distribution_release == "bullseye" )

If this works I might consider a PR.

thomasrebele commented 1 year ago

Also I get several warnings:

[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `pkg: "{{item}}"`, please use `pkg: ['certbot']` and remove the 
loop. This feature will be removed from ansible-base in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

Not sure how to fix those.

centic9 commented 1 year ago

I use the following patch to add support for newer Ubuntu/Debian versions and remove some very outdated ones.

Index: README.md
===================================================================
--- README.md   (Revision 6269)
+++ README.md   (Revision 13557)
@@ -6,10 +6,14 @@
 the web server has been configured or even installed.

 # Supported platforms
-- Debian Jessie
 - Debian Stretch
 - Debian Buster
-- Ubuntu Xenial
+- Debian Bullseye
+- Debian Bookworm
+- Debian Sid
+- Ubuntu Focal
+- Ubuntu Jammy
+- Ubuntu Kinetic

 On other platforms this role will try to install letsencrypt using pip, which is not officially supported and may break over upgrades at least.

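Review bot: The unchanged sentence at the end of this hunk, "On other platforms this role will try to install letsencrypt using pip", no longer matches tasks/main.yml in this patch, where the pip include runs only when ansible_distribution is neither "Debian" nor "Ubuntu". A Debian or Ubuntu release that is missing from this list now gets no install path at all, so either the README should say that or the fallback should be restored for unlisted releases. Ubuntu Kinetic is an interim release rather than an LTS, so it is worth stating how long that entry is expected to stay in the list.
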
Index: tasks/ubuntu-xenial.yml
===================================================================
--- tasks/ubuntu-xenial.yml (Revision 6269)
+++ tasks/ubuntu-xenial.yml (nicht existent)
@@ -1,19 +0,0 @@
----
-- name: update the apt cache
-  apt: update_cache=yes cache_valid_time=7200
-  become: yes
-
-- name: add certbot apt ppa repository
-  apt_repository:
-    repo: "ppa:certbot/certbot"
-  become: yes
-
-- name: install certbot ubuntu
-  apt: pkg={{item}} state=latest
-  with_items:
-    - certbot
-  become: yes
-
-- name: change the path to letsencrypt
-  set_fact:
-    letsencrypt_path: "/usr/bin/letsencrypt"
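
Review bot: The deleted "add certbot apt ppa repository" task is the only place the role managed ppa:certbot/certbot, so hosts provisioned with the old role keep that third-party package source enabled after this change. Consider a one-time task using apt_repository with state: absent for that repo, or a README note telling operators to remove it by hand.
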
Index: tasks/debian-jessie.yml
===================================================================
--- tasks/debian-jessie.yml (Revision 6269)
+++ tasks/debian-jessie.yml (nicht existent)
@@ -1,28 +0,0 @@
----
-- name: Add jessie backports
-  apt_repository:
-    repo: deb http://ftp.debian.org/debian jessie-backports main contrib non-free
-    state: present
-    filename: 'backports'
-  register: jbp_added
-  become: yes
-
-- name: update the apt cache
-  apt: update_cache=yes cache_valid_time=7200
-  become: yes
-
-# if jessie-backports has been added we should update the cache
-- name: force update the apt cache
-  apt: update_cache=yes
-  when: jbp_added.changed
-  become: yes
-
-- name: install certbot from backports
-  apt: pkg={{item}} default_release=jessie-backports state=latest
-  with_items:
-    - certbot
-  become: yes
-
-- name: change the path to letsencrypt
-  set_fact:
-    letsencrypt_path: "/usr/bin/letsencrypt"
Index: tasks/main.yml
===================================================================
--- tasks/main.yml  (Revision 6269)
+++ tasks/main.yml  (Revision 13557)
@@ -13,21 +13,37 @@
     when: virtualenv_package_name is not defined
     tags: install

-  - name: install certbot (Debian jessie)
-    include: debian-jessie.yml
-    when: ansible_distribution == "Debian" and ansible_distribution_release == "jessie"
-
-  - name: install certbot (Debian stretch or buster)
+  - name: install certbot (Debian Stretch or Buster)
     include: debian-stretch-buster.yml
     when: ansible_distribution == "Debian" and (ansible_distribution_release == "stretch" or ansible_distribution_release == "buster")

-  - name: install certbot (Ubuntu Xenial)
-    include: ubuntu-xenial.yml
-    when: ansible_distribution == "Ubuntu" and ansible_distribution_release == "xenial"
+  - name: install certbot (Debian Bullseye)
+    include: debian-bullseye.yml
+    when: ansible_distribution == "Debian" and ansible_distribution_release == "bullseye"

+  - name: install certbot (Debian Bookworm)
+    include: debian-bookworm.yml
+    when: ansible_distribution == "Debian" and ansible_distribution_release == "bookworm"
+
+  - name: install certbot (Debian Sid)
+    include: debian-sid.yml
+    when: ansible_distribution == "Debian" and ansible_distribution_release == "sid"
+
+  - name: install certbot (Ubuntu Focal)
+    include: ubuntu-focal.yml
+    when: ansible_distribution == "Ubuntu" and ansible_distribution_release == "focal"
+
+  - name: install certbot (Ubuntu Jammy)
+    include: ubuntu-jammy.yml
+    when: ansible_distribution == "Ubuntu" and ansible_distribution_release == "jammy"
+
+  - name: install certbot (Ubuntu Kinetic)
+    include: ubuntu-kinetic.yml
+    when: ansible_distribution == "Ubuntu" and ansible_distribution_release == "kinetic"
+
   - name: install certbot (using pip)
     include: install-with-pip.yml
-    when: ansible_distribution != "Debian" and (ansible_distribution != "Ubuntu" or ansible_distribution_release != "xenial")
+    when: ansible_distribution != "Debian" and ansible_distribution != "Ubuntu"

   - name: Ensure webroot exists
     file:
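
Review bot: The new pip condition, `when: ansible_distribution != "Debian" and ansible_distribution != "Ubuntu"`, leaves every Debian or Ubuntu release that is not named above (jessie and xenial after this patch, and any later release) with no matching install task, and the play carries on to "Ensure webroot exists" without any of the install files having run. Add a final task that fails with a clear message when the distribution is Debian or Ubuntu and the release is not in the supported list, or fall back to pip for those releases. Separately, `include:` for task files is deprecated in Ansible in favour of include_tasks or import_tasks, so the new entries are a good place to switch.
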
Index: tasks/ubuntu-kinetic.yml
===================================================================
--- tasks/ubuntu-kinetic.yml    (nicht existent)
+++ tasks/ubuntu-kinetic.yml    (Revision 13557)
@@ -0,0 +1,14 @@
+---
+- name: update the apt cache
+  apt: update_cache=yes cache_valid_time=7200
+  become: yes
+
+- name: install certbot ubuntu
+  apt: pkg={{item}} state=latest
+  with_items:
+    - certbot
+  become: yes
+
+- name: change the path to letsencrypt
+  set_fact:
+    letsencrypt_path: "/usr/bin/letsencrypt"
\ No newline at end of file
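
Review bot: `apt: pkg={{item}} state=latest` with a one-element `with_items` is the pattern the deprecation warning quoted earlier in this thread refers to; passing the package directly (the warning itself suggests `pkg: ['certbot']`) and dropping the loop removes the warning. The file also ends without a trailing newline, as do ubuntu-jammy.yml and ubuntu-focal.yml.
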
Index: tasks/ubuntu-jammy.yml
===================================================================
--- tasks/ubuntu-jammy.yml  (nicht existent)
+++ tasks/ubuntu-jammy.yml  (Revision 13557)
@@ -0,0 +1,14 @@
+---
+- name: update the apt cache
+  apt: update_cache=yes cache_valid_time=7200
+  become: yes
+
+- name: install certbot ubuntu
+  apt: pkg={{item}} state=latest
+  with_items:
+    - certbot
+  become: yes
+
+- name: change the path to letsencrypt
+  set_fact:
+    letsencrypt_path: "/usr/bin/letsencrypt"
\ No newline at end of file
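
Review bot: `state=latest` in the "install certbot ubuntu" task upgrades certbot on every run of the role, so the version of the tool that handles the account key and certificate requests changes whenever the play runs rather than when someone decides to upgrade. `state=present` installs the package if it is missing and leaves upgrades to the host's normal patching; if latest is intended, a comment saying so would help.
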
Index: tasks/debian-bookworm.yml
===================================================================
--- tasks/debian-bookworm.yml   (nicht existent)
+++ tasks/debian-bookworm.yml   (Revision 13557)
@@ -0,0 +1,14 @@
+---
+- name: update the apt cache
+  apt: update_cache=yes cache_valid_time=7200
+  become: yes
+
+- name: install certbot
+  apt: pkg={{item}} state=latest
+  with_items:
+    - certbot
+  become: yes
+
+- name: change the path to letsencrypt
+  set_fact:
+    letsencrypt_path: "/usr/bin/letsencrypt"
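
Review bot: This file is line-for-line the same as debian-bullseye.yml and debian-sid.yml in this patch, and the three Ubuntu files differ from it only in the task name "install certbot ubuntu" and the missing trailing newline. One shared task file, included from tasks/main.yml with a condition that tests ansible_distribution_release against a list of supported releases, would make adding the next release a one-word change instead of a new file plus a new include.
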
Index: tasks/debian-bullseye.yml
===================================================================
--- tasks/debian-bullseye.yml   (nicht existent)
+++ tasks/debian-bullseye.yml   (Revision 13557)
@@ -0,0 +1,14 @@
+---
+- name: update the apt cache
+  apt: update_cache=yes cache_valid_time=7200
+  become: yes
+
+- name: install certbot
+  apt: pkg={{item}} state=latest
+  with_items:
+    - certbot
+  become: yes
+
+- name: change the path to letsencrypt
+  set_fact:
+    letsencrypt_path: "/usr/bin/letsencrypt"
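
Review bot: The final set_fact points letsencrypt_path at /usr/bin/letsencrypt without checking that the package installed a binary under that name. The traceback at the top of this issue shows the letsencrypt script importing certbot.main, so the tool is certbot under its older command name; a stat task on the path that fails when it does not exist would surface a missing name here instead of at certificate request time.
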
Index: tasks/debian-sid.yml
===================================================================
--- tasks/debian-sid.yml    (nicht existent)
+++ tasks/debian-sid.yml    (Revision 13557)
@@ -0,0 +1,14 @@
+---
+- name: update the apt cache
+  apt: update_cache=yes cache_valid_time=7200
+  become: yes
+
+- name: install certbot
+  apt: pkg={{item}} state=latest
+  with_items:
+    - certbot
+  become: yes
+
+- name: change the path to letsencrypt
+  set_fact:
+    letsencrypt_path: "/usr/bin/letsencrypt"
Index: tasks/ubuntu-focal.yml
===================================================================
--- tasks/ubuntu-focal.yml  (nicht existent)
+++ tasks/ubuntu-focal.yml  (Revision 13557)
@@ -0,0 +1,14 @@
+---
+- name: update the apt cache
+  apt: update_cache=yes cache_valid_time=7200
+  become: yes
+
+- name: install certbot ubuntu
+  apt: pkg={{item}} state=latest
+  with_items:
+    - certbot
+  become: yes
+
+- name: change the path to letsencrypt
+  set_fact:
+    letsencrypt_path: "/usr/bin/letsencrypt"
\ No newline at end of file