Ansible get_url module: Unable to find a checksum for file

Question

I'm trying to fetch ActiveMQ Artemis using the following:


- name: Download the ActiveMQ Artemis artifact
  get_url:
    url: "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz&action=download"
    dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
    #with fixed checksumm it works but breaks the idea of the version to be a variable.
    #checksum: "sha512:4990a6b742b08bff6a4c7b310d2610565b08a2a02e1a7aec065460d16f8a6fe3d4fe91a8040839f93d7c2eab09fd6a79848fb130f9820559ee3e81dcf8d51ead"
    #Getting "Unable to find a checksum for file 'closer.cgi' in 'https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz.sha512'"
    checksum: "sha512:https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz.sha512"
    #Also getting: fatal: [dev-broker-01]: FAILED! => {"changed": false, "dest": "/tmp/apache-artemis-2.16.0-bin.tar.gz", "elapsed": 0, "msg": "Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>", "url": "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz&action=download"}
    validate_certs: no

and getting: "Unable to find a checksum for file 'closer.cgi' in 'https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz.sha512'" It's not picking up the filename from dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"

Also having some issue validating the certificate.

Any ideas how can I solve both problems?

I presume you're in some kind of proxied environment, so you'll need to add your proxy's CA to the remote machine's trust store — mdaniel, Nov 11 '20 at 17:05
I am behind a proxy, but after changing to url: "https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz" I don't have the issue anymore. Thanks. — la00, Nov 12 '20 at 08:28

seshadri_c · Accepted Answer · 2020-11-12T09:08:51.440

The error seems to suggest that it is looking for checksum of file closer.cgi rather than the actual tar.gz file. And the filename in the checksum URL is: apache-artemis-2.16.0-bin.tar.gz.

The other way to specify the checksum, is to just supply the checksum string (without filename). Although for that we need to come up with a couple of tasks prior to get it.

Something like below:

- uri:
    url: "https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz.sha512"
    return_content: true
  register: url_sha512
- set_fact:
    artemis_checksum: "{{ url_sha512.content.split('  ')[0] }}"      # there are 2 spaces
- get_url:
    url: "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz&action=download"
    dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
    checksum: "sha512:{{ artemis_checksum }}"
    # I was able to download without having below parameter
    # validate_certs: no

Update:

This kind of approach can be useful when site directory cannot be browsed, and file must be obtained from a mirrored URL.

I like the solution as a workaround. I got it to work with: url: "https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz", i.e. with the same URL from the checksum. Maybe edit your answer to state that this is only a solution if we MUST use the URL that looks for a mirror, so I can mark it as a solution. — la00, Nov 12 '20 at 08:18
That's a good point. I was not aware that a direct URL to file is available. If so, that is definitely preferable. I updated my answer to explain when it will be useful. — seshadri_c, Nov 12 '20 at 09:10
Thanks. I ended up using your solution for Keycloak as the checksum don't have the filename on it. Also opened a ticket so they add it in the future - https://issues.redhat.com/browse/KEYCLOAK-16251 — la00, Nov 12 '20 at 09:29

Ansible get_url module: Unable to find a checksum for file

1 Answers1