Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ansible 2.4 - the python pyOpenSSL module is required even if its already installed #30469

Closed
aaratn opened this issue Sep 17, 2017 · 8 comments
Closed

Ansible 2.4 - the python pyOpenSSL module is required even if its already installed #30469

aaratn opened this issue Sep 17, 2017 · 8 comments
Labels
affects_2.4 This issue/PR affects Ansible v2.4 bug This issue/PR relates to a bug. crypto Crypto community (ACME, openssl, letsencrypt) module This issue/PR relates to a module. python3 support:community This issue/PR relates to code supported by the Ansible community.

Comments

@aaratn
Copy link

aaratn commented Sep 17, 2017

ISSUE TYPE
  • Bug Report
COMPONENT NAME
  • openssl_csr
ANSIBLE VERSION
ansible 2.4.0.0
  config file = None
  configured module search path = ['/home/tecstub/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.5/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.5.2 (default, Nov 17 2016, 17:05:23) [GCC 5.4.0 20160609]
CONFIGURATION
OS / ENVIRONMENT
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
SUMMARY
STEPS TO REPRODUCE
  • sudo pip install pyopenssl
  • sudo pip install git+git://github.com/ansible/ansible.git@stable-2.4
- name: Generate CSR
  openssl_csr:
    path: '/etc/ssl/domains/csr/{{item}}.csr'
    privatekey_path: /etc/ssl/private/server.key
    common_name: '{{item}}'
  with_items:
    - "{{configured_urls}}"
EXPECTED RESULTS

CSR to be generated

ACTUAL RESULTS
TASK [config : Generate CSR] ***************************************************
failed: [192.168.1.5] (item=url1.someurl.com) => {"changed": false, "failed": true, "item": "url1.someurl.com", "msg": "the python pyOpenSSL module is required"}
failed: [192.168.1.5] (item=url2.someurl.com) => {"changed": false, "failed": true, "item": "url2.someurl.com", "msg": "the python pyOpenSSL module is required"}
failed: [192.168.1.5] (item=url3.someurl.com) => {"changed": false, "failed": true, "item": "url3.someurl.com", "msg": "the python pyOpenSSL module is required"}
failed: [192.168.1.5] (item=url4.someurl.com) => {"changed": false, "failed": true, "item": "url4.someurl.com", "msg": "the python pyOpenSSL module is required"}
failed: [192.168.1.5] (item=url5.someurl.com) => {"changed": false, "failed": true, "item": "url5.someurl.com", "msg": "the python pyOpenSSL module is required"}

OpenSSL Details

$pip show pyopenssl
Name: pyOpenSSL
Version: 17.3.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: Hynek Schlawack
Author-email: hs@ox.cx
License: Apache License, Version 2.0
Location: /usr/local/lib/python3.5/dist-packages
Requires: six, cryptography
@ansibot
Copy link
Contributor

ansibot commented Sep 17, 2017

cc @Spredzy
click here for bot help

@ansibot ansibot added affects_2.4 This issue/PR affects Ansible v2.4 bug_report module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. python3 support:community This issue/PR relates to code supported by the Ansible community. labels Sep 17, 2017
@andreaso
Copy link
Contributor

Based on your description it looks like you installed pyOpenSSL on the Ansible control node. Do you also have it installed on the 192.168.1.5 node?

@aaratn
Copy link
Author

aaratn commented Sep 17, 2017

@andreaso

Thanks for prompt revert, no the destination server doesnt have pyOpenSSL installed as Ansible Control node will be managing that host. Does it needs to be installed on the Destination Host ?

@Spredzy
Copy link
Contributor

Spredzy commented Sep 17, 2017
edited

@aaratn correct, pyOpenSSL needs to be installed where the module is actually run in your case 192.168.1.5.

If for some reasons you don't want to install pyOpenSSL on your managed nodes, you can still install pyOpenSSL on the control node, generate the openssl_privatekey (if needed) and openssl_csr on the control node and then use the copy module to put them on the desired node, this way pyOpenSSL is only installed on the control node and yet you can enjoy the benefit of this module.

@ansibot ansibot removed the needs_triage Needs a first human triage before being processed. label Sep 17, 2017
@bcoca
Copy link
Member

bcoca commented Sep 17, 2017

closing as per above

@bcoca bcoca closed this as completed Sep 17, 2017
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 7, 2018
@puckettgw
Copy link

puckettgw commented Oct 13, 2018
edited

I'm running into the same issue, only my target node does have pyopenssl installed:

TASK [Generate private key] ***************************************************************************************
failed: [localhost -> 34.239.154.123] (item=34.239.154.123) => {"changed": false, "item": "34.239.154.123", "msg": "the python pyOpenSSL module is required"}
	to retry, use: --limit @/mnt/playbook.retry


ubuntu@ip-10-13-37-249:~$ pip show pyopenssl
---
Name: pyOpenSSL
Version: 0.15
Location: /usr/local/lib/python2.7/dist-packages
Requires: six, cryptography
ubuntu@ip-10-13-37-249:~$ pip3 show pyopenssl
---
Name: pyOpenSSL
Version: 0.15
Location: /usr/local/lib/python3.4/dist-packages
Requires: six, cryptography

@puckettgw
Copy link

Turns out I needed to manually install the 'enum' module via pip. That was missing and it caused the cryptography module to build.... crappily, but still there, which allowed pyOpenSSL to 'install' but not actually function.

@rchicoli
Copy link

rchicoli commented Nov 6, 2018

Good news. I had the same issue, because I was running ansible from alpine. Installing the dependency from pip did not help much. The workaround for this was to install via apk.

apk add --no-cache py-openssl

I hope it helps someone.

@ansible ansible locked and limited conversation to collaborators Nov 6, 2018
@dagwieers dagwieers added the crypto Crypto community (ACME, openssl, letsencrypt) label Feb 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
affects_2.4 This issue/PR affects Ansible v2.4 bug This issue/PR relates to a bug. crypto Crypto community (ACME, openssl, letsencrypt) module This issue/PR relates to a module. python3 support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@andreaso @dagwieers @bcoca @Spredzy @puckettgw @aaratn @ansibot @rchicoli