0

I am trying to do a readiness check on a docker image deployed using Ansible. I am using Ansible module URI. In spite of validate_certs being set to false, I am receiving an SSL error when I try to get an html deployed on it. Verbose log:

<my.ip.v4.address> (1, b'\r\n{"redirected": false, "url": "https://127.0.0.1/xxxx_xxxx/xxxx.html", "status": -1, "elapsed": 0, "changed": false, "failed": true, "msg": "Status code was -1 and not [200]: Request failed: <urlopen error EOF occurred in violation of protocol (_ssl.c:1131)>", "invocation": {"module_args": {"url": "https://127.0.0.1/xxxx_xxxx/xxxx.html", "validate_certs": false, "status_code": [200], "force": false, "http_agent": "ansible-httpget", "use_proxy": true, "force_basic_auth": false, "use_gssapi": false, "body_format": "raw", "method": "GET", "return_content": false, "follow_redirects": "safe", "timeout": 30, "headers": {}, "remote_src": false, "unredirected_headers": [], "unsafe_writes": false, "url_username": null, "url_password": null, "client_cert": null, "client_key": null, "dest": null, "body": null, "src": null, "creates": null, "removes": null, "unix_socket": null, "ca_path": null, "mode": null, "owner": null, "group": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my.ip.v4.address closed.\r\n')
<my.ip.v4.address> Failed to connect to the host via ssh: Shared connection to my.ip.v4.address closed.
<my.ip.v4.address> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<my.ip.v4.address> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/jenkins/agent/workspace/XXXXXX/install/foo.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ubuntu"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/ec46bec0a9"' my.ip.v4.address '/bin/sh -c '"'"'rm -f -r /home/ubuntu/.ansible/tmp/ansible-tmp-1686679882.2572894-1671-167322689625420/ > /dev/null 2>&1 && sleep 0'"'"''
<my.ip.v4.address> (0, b'', b'')
fatal: [my.ip.v4.address]: FAILED! => {
    "attempts": 60,
    "changed": false,
    "elapsed": 0,
    "invocation": {
        "module_args": {
            "attributes": null,
            "body": null,
            "body_format": "raw",
            "ca_path": null,
            "client_cert": null,
            "client_key": null,
            "creates": null,
            "dest": null,
            "follow_redirects": "safe",
            "force": false,
            "force_basic_auth": false,
            "group": null,
            "headers": {},
            "http_agent": "ansible-httpget",
            "method": "GET",
            "mode": null,
            "owner": null,
            "remote_src": false,
            "removes": null,
            "return_content": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "status_code": [
                200
            ],
            "timeout": 30,
            "unix_socket": null,
            "unredirected_headers": [],
            "unsafe_writes": false,
            "url": "https://127.0.0.1/xxxx_xxxx/xxxx.html",
            "url_password": null,
            "url_username": null,
            "use_gssapi": false,
            "use_proxy": true,
            "validate_certs": false
        }
    },
    "msg": "Status code was -1 and not [200]: Request failed: <urlopen error EOF occurred in violation of protocol (_ssl.c:1131)>",
    "redirected": false,
    "status": -1,
    "url": "https://127.0.0.1/xxxx_xxxx/xxxx.html"
}

I defining Django URL patterns like so in my code:

urlpatterns = [
    path('xxxx_xxxx/', include('xxxx_xxxx.urls'))]
.
.
urlpatterns = [
    re_path(r'^xxxx.html$', TemplateView.as_view(template_name='xxxx.html'), name='xxxx')]

I was expecting validation of certificates to be skipped.

Yo mama
  • 3
  • 3
  • 1
    Well you use https, so the server aims to make a https connection, that is the problem. Usually for secure connections, a webserver like nginx/apache/... is used that will then forward the requests to the Django process. – Willem Van Onsem Jun 13 '23 at 19:53
  • It used to work till I upgraded some packages in our build image and requirements. I am wondering what protocol is being violated and it it is a cipher? I also switched from using `url` to `re_path`. This code is internal. We are moving to better standards with baby steps :) – Yo mama Jun 13 '23 at 20:20
  • 1
    but likely what happens is that you send the https request immediately to Django, who can not decypher it. There are some packages that can, but that is probably better offloaded to nginx that thus is catering the encryption layer. – Willem Van Onsem Jun 13 '23 at 20:21
  • Gotcha. So, this is not a django issue. That is helpful. I'll try other options and leave the django code alone. – Yo mama Jun 13 '23 at 20:32
  • I was able to get past that error. I also needed to update my pymsql client like so: `pymysql.version_info = (1, 4, 6, "final", 0)`. See https://stackoverflow.com/questions/55657752/django-installing-mysqlclient-error-mysqlclient-1-3-13-or-newer-is-required. And my Django rest framework to 3.14.0. thanks for helping. I thought my docker container was running successfully but I noticed it was throwing errors. – Yo mama Jun 13 '23 at 22:25

0 Answers0