@max I’m afraid I don’t have a good answer for you. My first suggestion would be to try again after waiting a bit. I tried creating a fresh vm and couldn’t reproduce the problem.
If you have the option of turning on a VPN for your control machine, doing so should change your IP and could get around any potential rate-limiting, if relevant. That may have worked for me once when I think GitHub was rate-limiting me after a few provision attempts, or maybe it was just a coincidence. However, I realize the relevant domain is getcomposer.org, not GitHub.
If you haven’t already, check that you’re using Ansible 220.127.116.11 and Vagrant 1.8.1 (1.8.4 is not working for everybody). You could then
vagrant box update (e.g., to use the latest
ubuntu/trusty64 with provider
- back up mysql db on vm (if somehow you did anything with the db)
vagrant destroy -f && vagrant up to completely rebuild the vm
If that doesn’t fix it, we can consider the error message, which I understand to be Ansible offering suggestions of what to check in the event of ssl.SSLError or socket.error rather than exact diagnostics of the problem. You probably saw something like
msg: Failed to validate the SSL certificate for getcomposer.org:443.
Make sure your managed systems have a valid CA certificate installed.
If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine.
You can use validate_certs=False if you do not need to confirm the server\s identity but this is unsafe and not recommended.
Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible
- I doubt the problem is a missing/obsolete CA certificate on the vm because your
- I doubt it is an SNI or python version problem because I get the same cert in response to these commands:
# not applying SNI
openssl s_client -connect getcomposer.org:443 | openssl x509 -noout -text
# applying SNI by specifying -servername
openssl s_client -connect getcomposer.org:443 -servername getcomposer.org | openssl x509 -noout -text
If trying later doesn’t work, and a VPN doesn’t work, you may have to do a little more digging, or try a temporary dirty hack and adjust the offending task in the
vendor/roles directory, either setting the
validate_certs option to
false (docs), which is insecure, or change the task to use