httplib.HTTPSConnection used even when HAS_SSL False #11918
Comments
|
Just realized you don't need GCE to confirm, probably, if you can just make Steps to Reproduce
|
|
hi @jedsmith I have the same problem fetching a tar.gz via https using get_url module (ansible 1.9.2) I can see this error:
part of the playbook: get_url: url=https://somehost/somefile.tar.gz dest=/tmp |
|
IIRC, the public module ssl wa added after the support for httpsconnection in httplib. So we're not actually checking for whether python was built against openssl. We're checking if the installed python is either recent enough to have the ssl module or has an addon package which provides the ssl module (See the python-2.4 documentation which has httpsconnection https://docs.python.org/release/2.4.4/lib/module-httplib.html but not an ssl module). I'm not sure if we want to have a separate guard for HTTPSConnection or if we would want to tell people to use the command module with curl or wget instead. Looking into how hard it would be to code a separate guard now.... |
|
I think it will be moderate to hard to implement this. I have a few other things to look into in urls.py so I'll try to squeeze this in as well but I can't absolutely promise it will get fixed in this round. As you saw when you tried to add it to the HAS_SSL guard, the code is not all straightforward. Most people on CoreOS install their own python. command module with curl and wget is another workaround. |
|
@albertux Note -- for your issue, you'll definitely need to get a different version of python or use the workaround of using curl and wget. You are trying to retrieve an https url. If python doesn't have support compiled in for using https then you won't be able to use get_url to retrieve the url. @jedsmith's problem is different as he's trying to retrieve a http url which theoretically shouldn't need support for the https protocol. |
…the required baseclasses. Fixes #11918
|
Thanks @abadger I ended using http instead of https |
|
Note - changes to fix this pushed to both stable-2.0 and devel. So the fix should be present in the 2.0 final release. |
Issue Type:
Ansible Version:
Ansible Configuration:
Environment:
Summary:
When Google vendors CoreOS for their platform, they include a Python interpreter for daemons owned by them since we do not ship one in the OS. Conveniently for me, I can then use this interpreter to manage Ansible, and this works fine for a pretty significant deployment at present.
The one roadblock is that this subclass blindly uses
httplib.HTTPSConnection, even thoughimport sslwas guarded further up. Google hasn't included OpenSSL in its build of Python, soimport sslfails (which setsHAS_SSLtoFalse), which then implies thathttplib.HTTPSConnectionis nonexistent. There are obviously a couple solutions here, including Google recompiling Python with OpenSSL, but it seems like since work was put in to do theHAS_SSLguard it should apply to the whole file.I'm trying to
get_urla cleartext URL, so I don't need the extra TLS-centric functionality. I began writing a patch to guard this extra functionality underHAS_SSLbut I quickly lost the plot and broke Ansible inexplicably, so I'm just filing an issue instead.Steps To Reproduce:
ansible_python_interpreter=/usr/share/oem/python/bin/python2.7.get_urlplay.Expected Results:
Actual Results:
The text was updated successfully, but these errors were encountered: