-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
httplib.HTTPSConnection used even when HAS_SSL False #11918
Comments
Just realized you don't need GCE to confirm, probably, if you can just make Steps to Reproduce
|
hi @jedsmith I have the same problem fetching a tar.gz via https using get_url module (ansible 1.9.2) I can see this error:
part of the playbook: get_url: url=https://somehost/somefile.tar.gz dest=/tmp |
IIRC, the public module ssl wa added after the support for httpsconnection in httplib. So we're not actually checking for whether python was built against openssl. We're checking if the installed python is either recent enough to have the ssl module or has an addon package which provides the ssl module (See the python-2.4 documentation which has httpsconnection https://docs.python.org/release/2.4.4/lib/module-httplib.html but not an ssl module). I'm not sure if we want to have a separate guard for HTTPSConnection or if we would want to tell people to use the command module with curl or wget instead. Looking into how hard it would be to code a separate guard now.... |
I think it will be moderate to hard to implement this. I have a few other things to look into in urls.py so I'll try to squeeze this in as well but I can't absolutely promise it will get fixed in this round. As you saw when you tried to add it to the HAS_SSL guard, the code is not all straightforward. Most people on CoreOS install their own python. command module with curl and wget is another workaround. |
@albertux Note -- for your issue, you'll definitely need to get a different version of python or use the workaround of using curl and wget. You are trying to retrieve an https url. If python doesn't have support compiled in for using https then you won't be able to use get_url to retrieve the url. @jedsmith's problem is different as he's trying to retrieve a http url which theoretically shouldn't need support for the https protocol. |
…the required baseclasses. Fixes #11918
Thanks @abadger I ended using http instead of https |
Note - changes to fix this pushed to both stable-2.0 and devel. So the fix should be present in the 2.0 final release. |
Issue Type:
Ansible Version:
Ansible Configuration:
Environment:
Summary:
When Google vendors CoreOS for their platform, they include a Python interpreter for daemons owned by them since we do not ship one in the OS. Conveniently for me, I can then use this interpreter to manage Ansible, and this works fine for a pretty significant deployment at present.
The one roadblock is that this subclass blindly uses
httplib.HTTPSConnection
, even thoughimport ssl
was guarded further up. Google hasn't included OpenSSL in its build of Python, soimport ssl
fails (which setsHAS_SSL
toFalse
), which then implies thathttplib.HTTPSConnection
is nonexistent. There are obviously a couple solutions here, including Google recompiling Python with OpenSSL, but it seems like since work was put in to do theHAS_SSL
guard it should apply to the whole file.I'm trying to
get_url
a cleartext URL, so I don't need the extra TLS-centric functionality. I began writing a patch to guard this extra functionality underHAS_SSL
but I quickly lost the plot and broke Ansible inexplicably, so I'm just filing an issue instead.Steps To Reproduce:
ansible_python_interpreter=/usr/share/oem/python/bin/python2.7
.get_url
play.Expected Results:
Actual Results:
The text was updated successfully, but these errors were encountered: