ansible_host: Fix for python 3.12 clients
This commit is contained in:
parent
4756acbaf0
commit
8dd1e61c3b
2 changed files with 91 additions and 0 deletions
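--- a/roles/ansible_host/files/urls.py.patch
+++ b/roles/ansible_host/files/urls.py.patch
@@ -0,0 +1,86 @@
+--- ./urls.py.orig 2024-03-27 18:55:18.077213253 +0000
++++ urls.py 2024-03-27 18:21:07.613270952 +0000
+@@ -535,15 +535,18 @@
+UnixHTTPSConnection = None
+if hasattr(httplib, 'HTTPSConnection') and hasattr(urllib_request, 'HTTPSHandler'):
+class CustomHTTPSConnection(httplib.HTTPSConnection): # type: ignore[no-redef]
+- def __init__(self, *args, **kwargs):
++ def __init__(self, client_cert=None, client_key=None, *args, **kwargs):
+httplib.HTTPSConnection.__init__(self, *args, **kwargs)
+self.context = None
+if HAS_SSLCONTEXT:
+self.context = self._context
+elif HAS_URLLIB3_PYOPENSSLCONTEXT:
+self.context = self._context = PyOpenSSLContext(PROTOCOL)
+- if self.context and self.cert_file:
+- self.context.load_cert_chain(self.cert_file, self.key_file)
++
++ self._client_cert = client_cert
++ self._client_key = client_key
++ if self.context and self._client_cert:
++ self.context.load_cert_chain(self._client_cert, self._client_key)
+
+def connect(self):
+"Connect to a host on a given (SSL) port."
+@@ -564,10 +567,10 @@
+if HAS_SSLCONTEXT or HAS_URLLIB3_PYOPENSSLCONTEXT:
+self.sock = self.context.wrap_socket(sock, server_hostname=server_hostname)
+elif HAS_URLLIB3_SSL_WRAP_SOCKET:
+- self.sock = ssl_wrap_socket(sock, keyfile=self.key_file, cert_reqs=ssl.CERT_NONE, # pylint: disable=used-before-assignment
+- certfile=self.cert_file, ssl_version=PROTOCOL, server_hostname=server_hostname)
++ self.sock = ssl_wrap_socket(sock, keyfile=self._client_key, cert_reqs=ssl.CERT_NONE, # pylint: disable=used-before-assignment
++ certfile=self._client_cert, ssl_version=PROTOCOL, server_hostname=server_hostname)
+else:
+- self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=PROTOCOL)
++ self.sock = ssl.wrap_socket(sock, keyfile=self._client_key, certfile=self._client_cert, ssl_version=PROTOCOL)
+
+class CustomHTTPSHandler(urllib_request.HTTPSHandler): # type: ignore[no-redef]
+
+@@ -602,10 +605,6 @@
+return self.do_open(self._build_https_connection, req)
+
+def _build_https_connection(self, host, **kwargs):
+- kwargs.update({
+- 'cert_file': self.client_cert,
+- 'key_file': self.client_key,
+- })
+try:
+kwargs['context'] = self._context
+except AttributeError:
+@@ -613,7 +612,7 @@
+if self._unix_socket:
+return UnixHTTPSConnection(self._unix_socket)(host, **kwargs)
+if not HAS_SSLCONTEXT:
+- return CustomHTTPSConnection(host, **kwargs)
++ return CustomHTTPSConnection(host, client_cert=self.client_cert, client_key=self.client_key, **kwargs)
+return httplib.HTTPSConnection(host, **kwargs)
+
+@contextmanager
+@@ -979,7 +978,7 @@
+pass
+
+
+-def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True):
++def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True, client_cert=None, client_key=None):
+if ciphers is None:
+ciphers = []
+
+@@ -1006,6 +1005,9 @@
+if ciphers:
+context.set_ciphers(':'.join(map(to_native, ciphers)))
+
++ if client_cert:
++ context.load_cert_chain(client_cert, keyfile=client_key)
++
+return context
+
+
+@@ -1514,6 +1516,8 @@
+cadata=cadata,
+ciphers=ciphers,
+validate_certs=validate_certs,
++ client_cert=client_cert,
++ client_key=client_key,
+)
+handlers.append(HTTPSClientAuthHandler(client_cert=client_cert,
+client_key=client_key,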
|
@ -10,6 +10,11 @@
|
||||||
- python3.11-dns # required for lookup('dig', 'hostname')
|
- python3.11-dns # required for lookup('dig', 'hostname')
|
||||||
- python3.11-netaddr # required by iptables role
|
- python3.11-netaddr # required by iptables role
|
||||||
|
|
||||||
|
- name: Patch ansible to support python 3.12 clients
|
||||||
|
ansible.posix.patch:
|
||||||
|
src: urls.py.patch
|
||||||
|
dest: /usr/lib/python3.9/site-packages/ansible/module_utils/urls.py
|
||||||
|
|
||||||
- name: Create private directory and force permissions
|
- name: Create private directory and force permissions
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /export/private
|
path: /export/private
|
||||||
|
|