easybutton fails on recent Ubuntu 16.04
Closed this issue · 15 comments
Using latest deploykit (?), easybutton fails on fresh install of Ubuntu 16.04:
Successfully installed ansible-2.4.0.0 bcrypt-3.1.3 cffi-1.11.0 paramiko-2.3.1 pycparser-2.18 pynacl-1.1.2
You are using pip version 8.1.1, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
running ansible...
ERROR! Unexpected Exception, this is probably a bug: (cryptography 1.2.3 (/usr/lib/python2.7/dist-packages), Requirement.parse('cryptography>=1.5'), set(['paramiko']))
the full traceback was:
Traceback (most recent call last):
File "/usr/local/bin/ansible-playbook", line 85, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/usr/local/lib/python2.7/dist-packages/ansible/cli/__init__.py", line 38, in <module>
from ansible.inventory.manager import InventoryManager
File "/usr/local/lib/python2.7/dist-packages/ansible/inventory/manager.py", line 29, in <module>
from ansible.inventory.data import InventoryData
File "/usr/local/lib/python2.7/dist-packages/ansible/inventory/data.py", line 30, in <module>
from ansible.plugins.cache import FactCache
File "/usr/local/lib/python2.7/dist-packages/ansible/plugins/cache/__init__.py", line 30, in <module>
from ansible.plugins.loader import cache_loader
File "/usr/local/lib/python2.7/dist-packages/ansible/plugins/loader.py", line 22, in <module>
from ansible.parsing.plugin_docs import read_docstring
File "/usr/local/lib/python2.7/dist-packages/ansible/parsing/plugin_docs.py", line 12, in <module>
from ansible.parsing.yaml.loader import AnsibleLoader
File "/usr/local/lib/python2.7/dist-packages/ansible/parsing/yaml/loader.py", line 30, in <module>
from ansible.parsing.yaml.constructor import AnsibleConstructor
File "/usr/local/lib/python2.7/dist-packages/ansible/parsing/yaml/constructor.py", line 29, in <module>
from ansible.parsing.vault import VaultLib
File "/usr/local/lib/python2.7/dist-packages/ansible/parsing/vault/__init__.py", line 44, in <module>
from cryptography.hazmat.backends import default_backend
File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 7, in <module>
import pkg_resources
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2927, in <module>
@_call_aside
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2913, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2940, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 637, in _build_master
return cls._build_from_requirements(__requires__)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 650, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 834, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
ContextualVersionConflict: (cryptography 1.2.3 (/usr/lib/python2.7/dist-packages), Requirement.parse('cryptography>=1.5'), set(['paramiko']))
:~/bearded-avenger-deploymentkit-3.0.0b0$
I'll debug further, but the easy button is not easy, at least for me. :) lsb_release output:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
I tried pip install --upgrade cryptography and that left me worse off - pip didn't work, TLS errors. Wound up doing apt-get --auto-remove --yes remove python-openssl, then pip install pyOpenSSL, after which the easybutton seemed to work.
hrm, i don't see it in my vagrant test (which sometimes is slightly different than a default install of the OS).
just to verify, you're pulling this https://github.com/csirtgadgets/bearded-avenger-deploymentkit/archive/3.0.0b0.tar.gz and then: bash easybutton.sh, right?
wonder if there are some mis-matched packages in the default 1604 and the vagrant version of it?
ok, good to know there's at-least a work-around. i'm wondering if one of your choices (or the systems default choices?) during install ended up installing something that one of the deps didn't like... will make sure to try and clean that specific req up in the next round of testing... 16 doesn't come with a lot of python out of the box- so the EB does do some basic stuff to bootstrap it-
Must be system default choices, the only thing I changed from the default package selection during install process was I added the OpenSSH Server role. If it would help, I can attach a dpkg -l listing from an exactly-the-same-kind install.
would not surprise me if that auto-added python and the crypto stuff... also doesn't surprise me that the crypto stuff gets confused (have run into that every now and again). see if we can't work around it moving forward. throw dpkg -l in a gist somewhere and append it here.
umm.. ok, I can't reproduce either on a clean install. Maybe some step failed during my first install, and I didn't notice... I don't get it. Well, at least if somebody else runs into precisely the same issue I had before, they might be able to fix in less than the 10 minutes or so it took me to figure out my workaround? :(
sOk, we've run into crypto-python issues in the past (esp as diff software leverages diff interfaces). i'm sure it'll crop up again...
This affected me too. Running kraigu comment on Oct 2, 2017 worked.
apt-get --auto-remove --yes remove python-openssl
pip install pyOpenSSL
bash easybutton.sh
Something to add to the conversation, I didn't run into this into a fresh build, but we use saltstack to manage deployment of new assets, and I believe the install of salt-minion interacts with python-crypto and that may be involved.
@tbennett6421 that actually sounds about right- i've run into issues with python-crypto "like that" in the past- was kinda chewing on that a bit to see if it was wide spread or an artifact of a 'more custom' build- might be something easy to check for in one of the bootstrap scripts(?)
Let me know if I can assist in anyway
if you want- a quick PR that checks for python-openssl, then applies your work-around if it exists?
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/blob/master/ubuntu16/bootstrap.sh#L14
might be easy to check dpkg -l for the package and if it exists, remove and pip install.
cheap and easy way to get credit for your finding :)
PR created.