Fixes commit a28eb94, which broke validate_certs = False for python <… #34887
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ansibot
added
affects_2.5
MikeKlebolt
changed the title
|
Can you explain in more detail how this is failing? We shouldn't be doing specific version checks like this, as vendors are known to backport changes like this into older versions. Instead we should rely on functionality tests. |
sivel
removed
the
needs_triage
|
The ssl module doesn't have _create_unverified_context in python < 2.7.9, causing the error below. <localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1516036846.26-125420619837893 `" && echo ansible-tmp-1516036846.26-125420619837893="` echo /tmp/ansible-tmp-1516036846.26-125420619837893 `" ) && sleep 0'
<localhost> PUT /tmp/tmpZGfkK5 TO /tmp/ansible-tmp-1516036846.26-125420619837893/vsphere_guest.py
<localhost> EXEC /bin/sh -c 'chmod u+x /tmp/ansible-tmp-1516036846.26-125420619837893/ /tmp/ansible-tmp-1516036846.26-125420619837893/vsphere_guest.py && sleep 0'
<redacted>
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_Dw4Ecm/ansible_module_vsphere_guest.py", line 1933, in <module>
main()
File "/tmp/ansible_Dw4Ecm/ansible_module_vsphere_guest.py", line 1802, in main
ssl._create_default_https_context = ssl._create_unverified_context
AttributeError: 'module' object has no attribute '_create_unverified_context'
fatal: [10.12.32.116 -> localhost]: FAILED! => {
"attempts": 1,
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_Dw4Ecm/ansible_module_vsphere_guest.py\", line 1933, in <module>\n main()\n File \"/tmp/ansible_Dw4Ecm/ansible_module_vsphere_guest.py\", line 1802, in main\n ssl._create_default_https_context = ssl._create_unverified_context\nAttributeError: 'module' object has no attribute '_create_unverified_context'\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
}- name: Create the VM
vsphere_guest:
vcenter_hostname: "{{ vcenter_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
validate_certs: False
cluster: "{{ cluster }}"
guest: "{{ guest }}"
state: present
vm_hardware:
memory_mb: "{{ memory_gb|int * 1024 }}"
num_cpus: "{{ num_cpus|int }}"
osid: "{{ osid }}"
scsi: "{{ scsi }}"
vm_cdrom:
type: "client"
vm_disk: "{{ disks }}"
vm_nic: "{{ nics }}"
esxi:
datacenter: "{{ datacenter }}"
hostname: "{{ hostname }}" |
|
I believe we need to expand our logic at If As you can see in that logic, we are also checking for functionality, and not just doing a version comparison. I don't think we should silently ignore a value that is passed in by the user. |
|
The test |
ansibot
added
ci_verified
|
I'm not sure I completely follow what you're saying. Are you thinking something like this instead or am I misunderstanding? if validate_certs and not hasattr(ssl, 'SSLContext') and not vcenter_hostname.startswith('http://'):
module.fail_json(msg='pysphere does not support verifying certificates with python < 2.7.9. Either update python or set '
'validate_certs=False on the task')
if not validate_certs and hasattr(ssl, 'SSLContext'):
ssl._create_default_https_context = ssl._create_unverified_context |
That is partially correct. We should check for functionality, not for a specific version. However, I was saying, that if a user explicitly tries to influence the results of certification verification, either with a @Akasurde will need to review. |
|
Cool. I've updated my commit to reflect what we've discussed for the the time being. |
ansibot
added
community_review
ansibot
added
the
stale_ci
ansibot
added
needs_rebase
|
@MikeKlebolt Are you still working on this ? Also, Could you please add In one of the IRC meeting of VMware SIG, we decided to merge all vsphere_guest PRs based on Let me know if you need any other information. |
|
@Akasurde, I have recently switched to the vmware_guest module after finding out that this module was being deprecated. Anyways, here is the vvvv output for you. TASK [Preparation : Create the VM] ****************************************************************************************************
task path: /etc/ansible/roles/Preparation/tasks/prepareVM.yml:187
Using module file /data01/ansible/lib/ansible/modules/cloud/vmware/vsphere_guest.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /tmp/ansible-local-13403ONMcxi/ansible-tmp-1519051847.41-243491483079223 `" && echo ansible-tmp-1519051847.41-243491483079223="` echo /tmp/ansible-local-13403ONMcxi/ansible-tmp-1519051847.41-243491483079223 `" ) && sleep 0'
<localhost> PUT /tmp/ansible-local-13403ONMcxi/tmpYxxoxa TO /tmp/ansible-local-13403ONMcxi/ansible-tmp-1519051847.41-243491483079223/vsphere_guest.py
<localhost> EXEC /bin/sh -c 'chmod u+x /tmp/ansible-local-13403ONMcxi/ansible-tmp-1519051847.41-243491483079223/ /tmp/ansible-local-13403ONMcxi/ansible-tmp-1519051847.41-243491483079223/vsphere_guest.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /tmp/ansible-local-13403ONMcxi/ansible-tmp-1519051847.41-243491483079223/vsphere_guest.py && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_2lDCBn/ansible_module_vsphere_guest.py", line 1933, in <module>
main()
File "/tmp/ansible_2lDCBn/ansible_module_vsphere_guest.py", line 1802, in main
ssl._create_default_https_context = ssl._create_unverified_context
AttributeError: 'module' object has no attribute '_create_unverified_context'
fatal: [10.12.32.120 -> localhost]: FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_2lDCBn/ansible_module_vsphere_guest.py\", line 1933, in <module>\n main()\n File \"/tmp/ansible_2lDCBn/ansible_module_vsphere_guest.py\", line 1802, in main\n ssl._create_default_https_context = ssl._create_unverified_context\nAttributeError: 'module' object has no attribute '_create_unverified_context'\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 1
} |
|
@MikeKlebolt Thanks for output. Sorry for not being specific about logs. I meant about success output of |
|
My mistake...here you go. Using module file /data01/ansible/lib/ansible/modules/cloud/vmware/_vsphere_guest.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1519056036.42-15896784017891 `" && echo ansible-tmp-151905
6036.42-15896784017891="` echo /tmp/ansible-tmp-1519056036.42-15896784017891 `" ) && sleep 0'
<localhost> PUT /tmp/ansible-local-16062MJVCiN/tmpBv0bjh TO /tmp/ansible-tmp-1519056036.42-15896784017891/_vsphere_guest.py
<localhost> EXEC /bin/sh -c 'chmod u+x /tmp/ansible-tmp-1519056036.42-15896784017891/ /tmp/ansible-tmp-1519056036.42-15896784017891/_vs
phere_guest.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /tmp/ansible-tmp-1519056036.42-15896784017891/_vsphere_guest.py && sleep
0'
<localhost> EXEC /bin/sh -c 'rm -f -r /tmp/ansible-tmp-1519056036.42-15896784017891/ > /dev/null 2>&1 && sleep 0'
[DEPRECATION WARNING]: The 'vsphere_guest' module has been deprecated. Use 'vmware_guest' instead.. This feature will be removed in
version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [10.12.32.120 -> localhost] => {
"changed": false,
"failed": false,
"invocation": {
"module_args": {
"cluster": "clustername",
"esxi": {
"datacenter": "datacenter",
"hostname": "hostname"
},
"force": false,
"from_template": null,
"guest": "guestname",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"power_on_after_clone": true,
"resource_pool": null,
"snapshot_to_clone": null,
"state": "present",
"template_src": null,
"username": "user@domain.com",
"validate_certs": false,
"vcenter_hostname": "10.10.10.10",
"vm_disk": {
"disk1": {
"datastore": "local-datastore",
"size_gb": 20,
"type": "thin"
}
},
"vm_hardware": {
"memory_mb": "1024",
"num_cpus": "1",
"osid": "rhel6_64Guest",
"scsi": "paravirtual",
"vm_cdrom": {
"type": "client"
}
},
"vm_hw_version": null,
"vm_nic": {
"nic1": {
"network": "jumpkick",
"network_type": "standard",
"type": "vmxnet3"
}
},
"vmware_guest_facts": null
}
}
}
} |
|
@MikeKlebolt Thanks for output. One more thing - rebase this branch and we will merge it. |
|
@MikeKlebolt This PR contains |
|
Fixing this now. |
MikeKlebolt
force-pushed
the
vsphere_guest_python_version_check
branch
from
1689010
to
e9b54f0
Compare
ansibot
added
deprecated
ansibot
added
stale_ci
|
Hi @Akasurde, is this still making it in to 2.5? |
|
rebuild_merge |
ansibot
removed
the
stale_ci
|
@MikeKlebolt I will backport this to 2.5 |
Akasurde
pushed a commit
to Akasurde/ansible
that referenced
this pull request
Mar 5, 2018
… 2.7.9 (ansible#34887) (cherry picked from commit ce416f2)
|
@MikeKlebolt Backport PR #37018 |
willthames
pushed a commit
to willthames/ansible
that referenced
this pull request
Mar 6, 2018
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Fixes commit a28eb94, which broke validate_certs = False for python < 2.7.9
ISSUE TYPE
COMPONENT NAME
vsphere_guest
ANSIBLE VERSION
ADDITIONAL INFORMATION
If the vsphere_guest module is used with validate_certs = False and your python version is < 2.7.9. The following line is evaluated in the module which results in the module failing.
diff