Add SNI support via pip
Some Linux distribution releases, such as CentOS 7 and Xenial, have trouble validating SSL certificates when using get_url with servers that use Server Name Indication (SNI). This patch adds packages for those distributions that allow Python to validate connections with servers using SNI. Change-Id: Idcf773e16d62d2ad76d9341177dd4d6c3e410af3 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
parent
6742c05efb
commit
30d59585e8
|
@ -23,14 +23,23 @@ pip_fallback_url: https://raw.githubusercontent.com/pypa/get-pip/master/get-pip.
|
||||||
pip_offline_install: false
|
pip_offline_install: false
|
||||||
pip_tmp_packages: /tmp/pip_install
|
pip_tmp_packages: /tmp/pip_install
|
||||||
|
|
||||||
|
# Allow the deployer to enable binary installation of pip using a distro package
|
||||||
|
pip_binary_install: true
|
||||||
|
|
||||||
# Additional options that you might want to pass to "get-pip.py" when installing pip.
|
# Additional options that you might want to pass to "get-pip.py" when installing pip.
|
||||||
# Default `pip_get_pip_options` is an empty string.
|
# Default `pip_get_pip_options` is an empty string.
|
||||||
pip_get_pip_options: ""
|
pip_get_pip_options: ""
|
||||||
|
pip_source_install_options: ""
|
||||||
|
|
||||||
# This list var can be used to specify specific versions of pip, setuptools,
|
# This list var can be used to specify specific versions of pip, setuptools,
|
||||||
# wheel and any other packages which must be installed when pip installs.
|
# wheel and any other packages which must be installed when pip installs.
|
||||||
pip_packages: []
|
pip_packages: []
|
||||||
|
|
||||||
|
pip_required_packages:
|
||||||
|
- pyOpenSSL # SSL SNI support
|
||||||
|
- pyasn1 # SSL SNI support
|
||||||
|
- ndg-httpsclient # SSL SNI support
|
||||||
|
|
||||||
# Validate Certificates when downloading pip. May be set to "no" when proxy server
|
# Validate Certificates when downloading pip. May be set to "no" when proxy server
|
||||||
# is intercepting the certificates.
|
# is intercepting the certificates.
|
||||||
pip_validate_certs: "yes"
|
pip_validate_certs: "yes"
|
||||||
|
|
|
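Review bot: `pip_required_packages` lists pyOpenSSL, pyasn1 and ndg-httpsclient with no version constraints and no explanatory comment, although the comment above `pip_packages` says that list is where versions get pinned. As visible in install_binary.yml these names are installed with `state: latest`, so every run takes whatever the index currently serves for packages that sit in the certificate-validation path. I would add a comment such as `# Packages required for SNI-capable certificate validation; pin versions (name==X.Y.Z) for reproducible installs`. `pip_source_install_options` needs a one-line comment as well, since it is set by the role through `set_fact` rather than by the deployer.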
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
# Copyright 2016, Logan Vig <logan2211@gmail.com>
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- include: install_online.yml
|
||||||
|
when:
|
||||||
|
- not pip_offline_install | bool
|
||||||
|
- not pip_binary_install | bool
|
||||||
|
|
||||||
|
- include: install_offline.yml
|
||||||
|
when:
|
||||||
|
- pip_offline_install | bool
|
||||||
|
- not pip_binary_install | bool
|
||||||
|
|
||||||
|
- include: install_binary.yml
|
||||||
|
when:
|
||||||
|
- pip_binary_install | bool
|
|
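Review bot: The three `when:` lists make `pip_binary_install` take precedence over `pip_offline_install`. With the new default `pip_binary_install: true`, a deployer who already sets `pip_offline_install: true` now lands in install_binary.yml, which uses yum/apt and the pip module instead of the local cache. If that is not intended, add `- not pip_offline_install | bool` to the install_binary.yml condition and drop the `not pip_binary_install | bool` test from the offline include. Otherwise document the precedence next to `pip_binary_install` in the defaults.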
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
# Copyright 2014, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Install python-pip (yum)
|
||||||
|
yum:
|
||||||
|
pkg: "{{ python_pip_package }}"
|
||||||
|
state: "latest"
|
||||||
|
register: install_packages
|
||||||
|
until: install_packages|success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
when:
|
||||||
|
- ansible_pkg_mgr == 'yum'
|
||||||
|
|
||||||
|
- name: Install python-pip (apt)
|
||||||
|
apt:
|
||||||
|
pkg: "{{ python_pip_package }}"
|
||||||
|
state: "latest"
|
||||||
|
register: install_packages
|
||||||
|
until: install_packages|success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
when:
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
|
|
||||||
|
- name: Install required pip packages
|
||||||
|
pip:
|
||||||
|
name: "{{ pip_packages | map('quote') | join (' ') }} {{ pip_required_packages | map('quote') | join(' ') }}"
|
||||||
|
state: latest
|
||||||
|
extra_args: "--upgrade --force-reinstall"
|
||||||
|
register: install_packages
|
||||||
|
until: install_packages|success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
|
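Review bot: The `Install required pip packages` task combines `state: latest` with `extra_args: "--upgrade --force-reinstall"`, so it reinstalls every listed package on each run and always reports a change. If `pip_packages` names pip or setuptools, it also overwrites files that the distro `python_pip_package` installed moments earlier, and the `state: "latest"` package tasks can replace them again on a later run. Consider `state: present` without `--force-reinstall`, with versions pinned in the package lists. On CentOS 7 the python-pip package presumably comes from EPEL rather than the base repositories, and nothing in the visible tasks enables that repository, so this is worth confirming.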
@ -58,7 +58,8 @@
|
||||||
- pip-install-local
|
- pip-install-local
|
||||||
|
|
||||||
- name: pip cache install files locally
|
- name: pip cache install files locally
|
||||||
local_action: shell python /tmp/get-pip.py -d '{{ pip_tmp_packages | quote }}' {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}
|
local_action: >
|
||||||
|
shell python /tmp/get-pip.py -d '{{ pip_tmp_packages | quote }}' {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}
|
||||||
register: pip_local_cache
|
register: pip_local_cache
|
||||||
until: pip_local_cache | success
|
until: pip_local_cache | success
|
||||||
retries: 3
|
retries: 3
|
||||||
|
@ -80,22 +81,6 @@
|
||||||
- pip-install-cache-distribute
|
- pip-install-cache-distribute
|
||||||
- pip-install
|
- pip-install
|
||||||
|
|
||||||
- name: Install PIP
|
|
||||||
shell: "python /opt/get-pip.py --no-index --find-links={{ pip_tmp_packages | quote }} {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
|
||||||
ignore_errors: true
|
|
||||||
register: pip_install
|
|
||||||
until: pip_install | success
|
|
||||||
retries: 3
|
|
||||||
delay: 2
|
|
||||||
|
|
||||||
- name: Install PIP (fall back mode)
|
|
||||||
shell: "python /opt/get-pip.py --isolated --no-index --find-links={{ pip_tmp_packages | quote }} {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
|
||||||
when: pip_install.rc != 0
|
|
||||||
register: pip_install_fall_back
|
|
||||||
until: pip_install_fall_back | success
|
|
||||||
retries: 3
|
|
||||||
delay: 2
|
|
||||||
|
|
||||||
- name: Clean up local get-pip.py
|
- name: Clean up local get-pip.py
|
||||||
local_action:
|
local_action:
|
||||||
module: file
|
module: file
|
||||||
|
@ -114,9 +99,8 @@
|
||||||
tags:
|
tags:
|
||||||
- pip-install-cleanup
|
- pip-install-cleanup
|
||||||
|
|
||||||
- name: Clean up remote install files
|
- name: Set source install pip_get_pip_options
|
||||||
file:
|
set_fact:
|
||||||
path: "{{ pip_tmp_packages }}"
|
pip_source_install_options: "--no-index --find-links={{ pip_tmp_packages | quote }}"
|
||||||
state: absent
|
|
||||||
tags:
|
- include: install_source.yml
|
||||||
- pip-install-cleanup
|
|
||||||
|
|
|
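Review bot: The `pip cache install files locally` command downloads only `pip_packages` into `pip_tmp_packages`, but the included install_source.yml also installs `pip_required_packages`, and this file now sets `pip_source_install_options` to `--no-index --find-links=...`. Unless something outside these hunks caches them, the offline install will not find pyOpenSSL, pyasn1 or ndg-httpsclient. Appending `{{ pip_required_packages | map('quote') | join(' ') }}` to the cache command would close that gap. The same command wraps `{{ pip_tmp_packages | quote }}` in single quotes a second time, which breaks for any path that `quote` actually has to quote, so one of the two should go. The tasks in this file are only partly visible in the hunks.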
@ -41,18 +41,4 @@
|
||||||
tags:
|
tags:
|
||||||
- pip-install-script
|
- pip-install-script
|
||||||
|
|
||||||
- name: Install PIP
|
- include: install_source.yml
|
||||||
shell: "python /opt/get-pip.py {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
|
||||||
ignore_errors: true
|
|
||||||
register: pip_install
|
|
||||||
until: pip_install | success
|
|
||||||
retries: 3
|
|
||||||
delay: 2
|
|
||||||
|
|
||||||
- name: Install PIP (fall back mode)
|
|
||||||
shell: "python /opt/get-pip.py --isolated {{ pip_get_pip_options }} {{ pip_packages | map('quote') | join (' ') }}"
|
|
||||||
when: pip_install.rc != 0
|
|
||||||
register: pip_install_fall_back
|
|
||||||
until: pip_install_fall_back | success
|
|
||||||
retries: 3
|
|
||||||
delay: 2
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Install PIP
|
||||||
|
shell: |
|
||||||
|
python /opt/get-pip.py {{ pip_source_install_options }} \
|
||||||
|
{{ pip_get_pip_options }} \
|
||||||
|
{{ pip_packages | map('quote') | join (' ') }} \
|
||||||
|
{{ pip_required_packages | map('quote') | join(' ') }}
|
||||||
|
ignore_errors: true
|
||||||
|
register: pip_install
|
||||||
|
until: pip_install | success
|
||||||
|
retries: 3
|
||||||
|
delay: 2
|
||||||
|
|
||||||
|
- name: Install PIP (fall back mode)
|
||||||
|
shell: |
|
||||||
|
python /opt/get-pip.py --isolated {{ pip_source_install_options }} \
|
||||||
|
{{ pip_get_pip_options }} \
|
||||||
|
{{ pip_packages | map('quote') | join (' ') }} \
|
||||||
|
{{ pip_required_packages | map('quote') | join(' ') }}
|
||||||
|
when: pip_install.rc != 0
|
||||||
|
register: pip_install_fall_back
|
||||||
|
until: pip_install_fall_back | success
|
||||||
|
retries: 3
|
||||||
|
delay: 2
|
||||||
|
|
||||||
|
- name: Clean up remote install files
|
||||||
|
file:
|
||||||
|
path: "{{ pip_tmp_packages }}"
|
||||||
|
state: absent
|
||||||
|
tags:
|
||||||
|
- pip-install-cleanup
|
|
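Review bot: Both `shell: |` tasks expand `pip_source_install_options` and `pip_get_pip_options` unquoted into the command line, while the package lists beside them go through `map('quote')`. Multi-flag values need that, but it also means any shell metacharacter in those two variables is interpreted by the shell on the target host. I would say so above the first task, e.g. `# pip_source_install_options and pip_get_pip_options are passed to the shell unquoted; set them only from trusted deployer variables`. The first task's `ignore_errors: true` also deserves a short comment that its failure is handled by the fall back task through `pip_install.rc`.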
@ -13,6 +13,17 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Gather variables for each operating system
|
||||||
|
include_vars: "{{ item }}"
|
||||||
|
with_first_found:
|
||||||
|
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
|
||||||
|
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
||||||
|
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
||||||
|
- "{{ ansible_distribution | lower }}.yml"
|
||||||
|
- "{{ ansible_os_family | lower }}.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- include: configure.yml
|
- include: configure.yml
|
||||||
tags:
|
tags:
|
||||||
- pip-configuration
|
- pip-configuration
|
||||||
|
@ -21,12 +32,6 @@
|
||||||
when:
|
when:
|
||||||
- pip_lock_to_internal_repo | bool
|
- pip_lock_to_internal_repo | bool
|
||||||
|
|
||||||
- include: install_online.yml
|
- include: install.yml
|
||||||
when: not pip_offline_install | bool
|
|
||||||
tags:
|
tags:
|
||||||
- pip-install
|
- pip-install
|
||||||
|
|
||||||
- include: install_offline.yml
|
|
||||||
when: pip_offline_install | bool
|
|
||||||
tags:
|
|
||||||
- pip-install
|
|
|
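Review bot: The `with_first_found` list in `Gather variables for each operating system` has no fallback entry, and the task is tagged `always`, so a host matching none of the candidate file names would fail the role before any other task runs. The commit adds two vars files whose names are not visible on this page. If the role is still meant to run on other distributions, add a generic vars file, or use the `files:` / `skip: true` form of `with_first_found` and give `python_pip_package` a default. A comment above the task noting that the loaded variable is only read by install_binary.yml would also help readers.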
@ -22,10 +22,6 @@
|
||||||
roles:
|
roles:
|
||||||
- role: "{{ rolename | basename }}"
|
- role: "{{ rolename | basename }}"
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- name: Check get-pip.py file
|
|
||||||
stat:
|
|
||||||
path: /opt/get-pip.py
|
|
||||||
register: get_pip_file
|
|
||||||
- name: Check .pip directory
|
- name: Check .pip directory
|
||||||
stat:
|
stat:
|
||||||
path: "{{ ansible_env.HOME}}/.cache/pip"
|
path: "{{ ansible_env.HOME}}/.cache/pip"
|
||||||
|
@ -43,7 +39,6 @@
|
||||||
- name: Check role functions
|
- name: Check role functions
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "get_pip_file.stat.exists"
|
|
||||||
- "pip_dir.stat.isdir"
|
- "pip_dir.stat.isdir"
|
||||||
- "pip_selfcheck_file.stat.exists"
|
- "pip_selfcheck_file.stat.exists"
|
||||||
- "'pip 8.0.3 ' in pip_version.stdout"
|
- "pip_version.stdout | search('8.0.3')"
|
||||||
|
|
|
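Review bot: The new assertion `pip_version.stdout | search('8.0.3')` is an unanchored regular expression, so each dot matches any character and a version such as 18.0.3 also passes. The previous `'pip 8.0.3 ' in pip_version.stdout` check did not allow that. Escaping the dots and keeping the `pip ` prefix would keep the test strict. With the `get_pip_file` checks removed and `pip_binary_install` defaulting to true, the visible test also appears to cover only the binary path; a second scenario with `pip_binary_install: false` would exercise install_source.yml.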
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
python_pip_package: python-pip
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
python_pip_package: python-pip
|