TASK [Import InfluxData GPG signing key] - Fatal

[dlacasse]

Ansible Version: 2.6.1
InfluxDB Version: 12.x

Issue

It looks like repos.influxdata.com is now using SNI (which isn't supported in python 2.7.6). Because the ubuntu/trusty64 box currently comes with Python 2.7.6, there isn't a way to get this working.

Error:

TASK [Import InfluxData GPG signing key] ***************************************
fatal: [node1]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for repos.influxdata.com:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine  (the python executable used (/usr/bin/python) is version: 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]) or you can install the `urllib3`, `pyOpenSSL`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure."}

Steps to reproduce

1. git clone https://github.com/mtchavez/ansible-influxdb.git
2. cd ansible-influxdb
3. $ vagrant up --provision

Expected behavior

Should be able to import signing key to allow for provisioning to continue.

[dlacasse]

I was able to work around this by including the following additional tasks in main.yml:

- name: Install additional Python-related packages
  apt: pkg={{item}} state=present
  sudo: yes
  with_items:
    - python-dev
    - python-pip
    - python-virtualenv

- name: pip install Python dependencies
  pip: 
    name: urllib3,pyOpenSSL,ndg-httpsclient,pyasn1

Happy to put in a PR if this is an acceptable approach. Alternatively, it seems one of the newer ubuntu releases could be used as the base vagrant box (although that would probably require more testing).