Add SNI support via pip
Some Linux distribution releases, such as CentOS 7 and Xenial, have trouble validating SSL certificates when using get_url with servers that use Server Name Indication (SNI). This patch adds packages for those distributions that allow Python to validate connections with servers using SNI. Change-Id: Idcf773e16d62d2ad76d9341177dd4d6c3e410af3 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
6742c05efb
commit
30d59585e8
|
@ -23,14 +23,23 @@ pip_fallback_url: https://raw.githubusercontent.com/pypa/get-pip/master/get-pip.
|
|||
pip_offline_install: false
|
||||
pip_tmp_packages: /tmp/pip_install
|
||||
|
||||
# Allow the deployer to enable binary installation of pip using a distro package
|
||||
pip_binary_install: true
|
||||
|
||||
# Additional options that you might want to pass to "get-pip.py" when installing pip.
|
||||
# Default `pip_get_pip_options` is an empty string.
|
||||
pip_get_pip_options: ""
|
||||
pip_source_install_options: ""
|
||||
|
||||
# This list var can be used to specify specific versions of pip, setuptools,
|
||||
# wheel and any other packages which must be installed when pip installs.
|
||||
pip_packages: []
|
||||
|
||||
pip_required_packages:
|
||||
- pyOpenSSL # SSL SNI support
|
||||
- pyasn1 # SSL SNI support
|
||||
- ndg-httpsclient # SSL SNI support
|
||||
|
||||
# Validate Certificates when downloading pip. May be set to "no" when proxy server
|
||||
# is intercepting the certificates.
|
||||
pip_validate_certs: "yes"
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
# Copyright 2016, Logan Vig <logan2211@gmail.com>
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: install_online.yml
|
||||
when:
|
||||
- not pip_offline_install | bool
|
||||
- not pip_binary_install | bool
|
||||
|
||||
- include: install_offline.yml
|
||||
when:
|
||||
- pip_offline_install | bool
|
||||
- not pip_binary_install | bool
|
||||
|
||||
- include: install_binary.yml
|
||||
when:
|
||||
- pip_binary_install | bool
|
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Install python-pip (yum)
|
||||
yum:
|
||||
pkg: "{{ python_pip_package }}"
|
||||
state: "latest"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when:
|
||||
- ansible_pkg_mgr == 'yum'
|
||||
|
||||
- name: Install python-pip (apt)
|
||||
apt:
|
||||
pkg: "{{ python_pip_package }}"
|
||||
state: "latest"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when:
|
||||
- ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Install required pip packages
|
||||
pip:
|
||||
name: "{{ pip_packages | map('quote') | join (' ') }} {{ pip_required_packages | map('quote') | join(' ') }}"
|
||||
state: latest
|
||||
extra_args: "--upgrade --force-reinstall"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
|
@ -58,7 +58,8 @@
|
|||
- pip-install-local
|
||||
|
||||
- name: pip cache install files locally
|
||||
local_action: shell python /tmp/get-pip.py -d '{{ pip_tmp_packages | quote }}' {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}
|
||||
local_action: >
|
||||
shell python /tmp/get-pip.py -d '{{ pip_tmp_packages | quote }}' {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}
|
||||
register: pip_local_cache
|
||||
until: pip_local_cache | success
|
||||
retries: 3
|
||||
|
@ -80,22 +81,6 @@
|
|||
- pip-install-cache-distribute
|
||||
- pip-install
|
||||
|
||||
- name: Install PIP
|
||||
shell: "python /opt/get-pip.py --no-index --find-links={{ pip_tmp_packages | quote }} {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
||||
ignore_errors: true
|
||||
register: pip_install
|
||||
until: pip_install | success
|
||||
retries: 3
|
||||
delay: 2
|
||||
|
||||
- name: Install PIP (fall back mode)
|
||||
shell: "python /opt/get-pip.py --isolated --no-index --find-links={{ pip_tmp_packages | quote }} {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
||||
when: pip_install.rc != 0
|
||||
register: pip_install_fall_back
|
||||
until: pip_install_fall_back | success
|
||||
retries: 3
|
||||
delay: 2
|
||||
|
||||
- name: Clean up local get-pip.py
|
||||
local_action:
|
||||
module: file
|
||||
|
@ -114,9 +99,8 @@
|
|||
tags:
|
||||
- pip-install-cleanup
|
||||
|
||||
- name: Clean up remote install files
|
||||
file:
|
||||
path: "{{ pip_tmp_packages }}"
|
||||
state: absent
|
||||
tags:
|
||||
- pip-install-cleanup
|
||||
- name: Set source install pip_get_pip_options
|
||||
set_fact:
|
||||
pip_source_install_options: "--no-index --find-links={{ pip_tmp_packages | quote }}"
|
||||
|
||||
- include: install_source.yml
|
||||
|
|
|
@ -41,18 +41,4 @@
|
|||
tags:
|
||||
- pip-install-script
|
||||
|
||||
- name: Install PIP
|
||||
shell: "python /opt/get-pip.py {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
||||
ignore_errors: true
|
||||
register: pip_install
|
||||
until: pip_install | success
|
||||
retries: 3
|
||||
delay: 2
|
||||
|
||||
- name: Install PIP (fall back mode)
|
||||
shell: "python /opt/get-pip.py --isolated {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
||||
when: pip_install.rc != 0
|
||||
register: pip_install_fall_back
|
||||
until: pip_install_fall_back | success
|
||||
retries: 3
|
||||
delay: 2
|
||||
- include: install_source.yml
|
|
@ -0,0 +1,45 @@
|
|||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Install PIP
|
||||
shell: |
|
||||
python /opt/get-pip.py {{ pip_source_install_options }} \
|
||||
{{ pip_get_pip_options }} \
|
||||
{{ pip_packages | map('quote') | join (' ') }} \
|
||||
{{ pip_required_packages | map('quote') | join(' ') }}
|
||||
ignore_errors: true
|
||||
register: pip_install
|
||||
until: pip_install | success
|
||||
retries: 3
|
||||
delay: 2
|
||||
|
||||
- name: Install PIP (fall back mode)
|
||||
shell: |
|
||||
python /opt/get-pip.py --isolated {{ pip_source_install_options }} \
|
||||
{{ pip_get_pip_options }} \
|
||||
{{ pip_packages | map('quote') | join (' ') }} \
|
||||
{{ pip_required_packages | map('quote') | join(' ') }}
|
||||
when: pip_install.rc != 0
|
||||
register: pip_install_fall_back
|
||||
until: pip_install_fall_back | success
|
||||
retries: 3
|
||||
delay: 2
|
||||
|
||||
- name: Clean up remote install files
|
||||
file:
|
||||
path: "{{ pip_tmp_packages }}"
|
||||
state: absent
|
||||
tags:
|
||||
- pip-install-cleanup
|
|
@ -13,6 +13,17 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Gather variables for each operating system
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
||||
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}.yml"
|
||||
- "{{ ansible_os_family | lower }}.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- include: configure.yml
|
||||
tags:
|
||||
- pip-configuration
|
||||
|
@ -21,12 +32,6 @@
|
|||
when:
|
||||
- pip_lock_to_internal_repo | bool
|
||||
|
||||
- include: install_online.yml
|
||||
when: not pip_offline_install | bool
|
||||
- include: install.yml
|
||||
tags:
|
||||
- pip-install
|
||||
|
||||
- include: install_offline.yml
|
||||
when: pip_offline_install | bool
|
||||
tags:
|
||||
- pip-install
|
||||
- pip-install
|
|
@ -22,10 +22,6 @@
|
|||
roles:
|
||||
- role: "{{ rolename | basename }}"
|
||||
post_tasks:
|
||||
- name: Check get-pip.py file
|
||||
stat:
|
||||
path: /opt/get-pip.py
|
||||
register: get_pip_file
|
||||
- name: Check .pip directory
|
||||
stat:
|
||||
path: "{{ ansible_env.HOME}}/.cache/pip"
|
||||
|
@ -43,7 +39,6 @@
|
|||
- name: Check role functions
|
||||
assert:
|
||||
that:
|
||||
- "get_pip_file.stat.exists"
|
||||
- "pip_dir.stat.isdir"
|
||||
- "pip_selfcheck_file.stat.exists"
|
||||
- "'pip 8.0.3 ' in pip_version.stdout"
|
||||
- "pip_version.stdout | search('8.0.3')"
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
python_pip_package: python-pip
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
python_pip_package: python-pip
|
Loading…
Reference in New Issue