Bug #12870
ansible: Failed to validate the SSL certificate for raw.githubusercontent.com when downloading SSH pubkeys
0%
Description
{'plana09.front.sepia.ceph.com': {'invocation': {'module_name': 'authorized_key', 'module_args': 'user="ubuntu" key=https://raw.githubuserc ontent.com/ceph/keys/autogenerated/ssh/@all.pub'}, 'failed': True, 'msg': 'Failed to validate the SSL certificate for raw.githubusercontent.com:443. Use validate_certs=False (insecure) or make sure your managed systems have a valid CA certificate installed. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible'}, 'mira012.front.sepia.ceph.com': {'invocation': {'module_name': 'authorized_key', 'module_args': 'user="ubuntu" key=https://raw.githubuserc ontent.com/ceph/keys/autogenerated/ssh/@all.pub'}, 'failed': True, 'msg': 'Failed to validate the SSL certificate for raw.githubusercontent.com:443. Use validate_certs=False (insecure) or make sure your managed systems have a valid CA certificate installed. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible'}, 'burnupi08.front.sepia.ceph.com': {'invocation': {'module_name': 'authorized_key', 'module_args': 'user="ubuntu" key=https://raw.githubuserc ontent.com/ceph/keys/autogenerated/ssh/@all.pub'}, 'failed': True, 'msg': 'Failed to validate the SSL certificate for raw.githubusercontent.com:443. Use validate_certs=False (insecure) or make sure your managed systems have a valid CA certificate installed. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible'}}
http://pulpito.ceph.com/teuthology-2015-08-24_23:08:02-kcephfs-master-testing-basic-multi/1030714/
http://pulpito.ceph.com/teuthology-2015-08-23_23:18:02-multimds-next-testing-basic-multi/1028549/
Searching my email this also seems to have popped up in a lot of the backport tests and things. Maybe this should be a sepia issue? Not sure.
History
#1 Updated by Andrew Schoen over 8 years ago
I've seen this one before. This might be the solution, "make sure your managed systems have a valid CA certificate installed". I don't have a lot of knowledge in that area, so I'm not sure what fixing that would take.
We could also just not request keys from github, we've had other issues with that as well. See: http://tracker.ceph.com/issues/12868
#2 Updated by Zack Cerza over 8 years ago
- Subject changed from Failed to validate the SSL certificate to ansible: Failed to validate the SSL certificate for raw.githubusercontent.com when downloading SSH pubkeys
- Status changed from New to 12
This is another case of http://tracker.ceph.com/issues/12380
The fix could look like:
https://github.com/ceph/ceph-cm-ansible/blob/afbbeac70f98dcc755717063df8913de571b1adb/roles/users/tasks/main.yml#L46-L50
#3 Updated by Andrew Schoen over 8 years ago
Zack Cerza wrote:
This is another case of http://tracker.ceph.com/issues/12380
The fix could look like:
https://github.com/ceph/ceph-cm-ansible/blob/afbbeac70f98dcc755717063df8913de571b1adb/roles/users/tasks/main.yml#L46-L50
I do see that #12380 had a similar error message about SSL certs. Is that ssl cert error just nonsense and it's actually a timeout on the github side? I guess I'm confused why adding a retry fixes the SSL cert.
#4 Updated by Zack Cerza over 8 years ago
I think it is nonsense related to a timeout.
#5 Updated by Andrew Schoen over 8 years ago
- Assignee set to Andrew Schoen
#6 Updated by Nathan Cutler over 8 years ago
I just got this error in a recent rados run on firefly-backports (it's the first failed job listed): http://pulpito.ceph.com/smithfarm-2015-08-27_03:39:40-rados-firefly-backports---basic-multi/
The second failure in that run seems to be closely related: Error getting key from: https://raw.githubusercontent.com/ceph/keys/autogenerated/ssh/@all.pub
These two failures occurred in a re-run of dead and failed jobs from an earlier rados suite. That earlier suite also ended with two failures, but those said "Invalid cross-device link": http://pulpito.ceph.com/smithfarm-2015-08-10_12:21:46-rados-firefly-backports---basic-multi/
#7 Updated by Andrew Schoen over 8 years ago
- Status changed from 12 to Resolved