fatal: [infra01_galera_container-a200f8b8]: FAILED! => {"changed": false, "cmd": "/usr/local/bin/pip install -U --isolated --constraint https://172.19.43.253:8181/os-releases/14.0.3/requirements_absolute_requirements.txt ndg-httpsclient requests", "failed": true, "msg": "\n:stderr: /usr/local/lib/python2.7/dist-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform.
and excessive use of fallback URLs
This is on Ubuntu 14.04
This issue can be worked around by setting proper URLs for
repo_pkg_cache_url, openstack_repo_url or just disabling SSL in haproxy via haproxy_ssl: false
While the haproxy_server role enables SSL by default it also generates a self signed cert with
haproxy_ ssl_self_ signed_ subject: "/C=US/ ST=Texas/ L=San Antonio/O=IT/CN={{ external_ lb_vip_ address }}/subjectAltNa me=IP.1= {{ external_ lb_vip_ address }}"
The repo depending roles like pip and all roles using pip seem to use http the internal VIP
openstack_repo_url: "http://{{ internal_ lb_vip_ address }}:{{ repo_server_port }}"
which results in SSL errors
fatal: [infra01_ galera_ container- a200f8b8] : FAILED! => {"changed": false, "cmd": "/usr/local/bin/pip install -U --isolated --constraint https:/ /172.19. 43.253: 8181/os- releases/ 14.0.3/ requirements_ absolute_ requirements. txt ndg-httpsclient requests", "failed": true, "msg": "\n:stderr: /usr/local/ lib/python2. 7/dist- packages/ pip/_vendor/ requests/ packages/ urllib3/ util/ssl_ .py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform.
and excessive use of fallback URLs
This is on Ubuntu 14.04
This issue can be worked around by setting proper URLs for
repo_pkg_cache_url, openstack_repo_url or just disabling SSL in haproxy via haproxy_ssl: false