Azure-sdk-for-python: CERTIFICATE_VERIFY_FAILED when connecting to Azure

Hi @delubi

Could you update or install the certifi package (pip install -U certifi) and tells if this makes a difference?

Thanks!

The certifi package appears to be already installed. Assume it's not a difference maker.

[root@localhost ansible]# pip install -U certifi --trusted-host pypi.python.org
Requirement already up-to-date: certifi in /usr/lib/python2.7/site-packages

Thanks,
Forrest

@yugangw-msft any idea?

Thanks for looking into it.

Just to let you know that the CERTIFICATE_VERIFY_FAILED error appears to be related to something in our Corp network.

When I worked in office all outbound/inbound traffic to/from Internet has to go through our Corp network. That’s where I encountered the error.

I’m working from home today. Tried the same playbook again from the same running VM environment. The connection to Azure passed without error. I was able to provision a VM on Azure.

So the only differentiator is I’m using home network to connect to Internet. Somehow, SSL handshaking seems to be interfered by our Corp network (the actual cause is yet to be figured out).

Thanks,
Forrest

Ok, corp net means proxies usually. In direct SDK, you would have been able to pass "verify=False" to bypass SSL from your corpnet. @tstringer do you know if this is available in the Ansible configuration?

@lmazuel This is currently not available from and Ansible standpoint. But this sounds like something that would be useful. I'll be sure to put this on our backlog.

@delubi I would think an appropriate workaround for the time being would be to perhaps stand up a VM in Azure to work as your Ansible host. Is that a possibility?

Probably duplicate https://github.com/Azure/azure-sdk-for-python/issues/1089

We only ever saw this intermittently with an explicit proxy. Never got to the bottom of it and we switched to an implicit proxy model instead. I suspected this was a requests issue but never managed to find the root cause.

@tstringer Standing up a VM in Azure and using it as Ansible host is feasible, although not desired. My desired use case is to have ansible run on-premise and be able to provision VMs either in VMware vCenter (on-premise) or in Cloud (i.e. Azure). It's not a showstopper at the moment but would like to see if there is a workaround that we can implement within the Corp boundary.

@awalker125 Is the explicit or implicit proxy something on the Azure side? Or something in the SDK?

On the azure side using user defined routes and a proxy device

Sounds like one of two things:
* your company's got a MITM HTTPS proxy, so you need to add its CA root to the cert trust store on the Ansible host
- or -
* someone's removed the Microsoft CA root from the trust store on the Ansible host (it needs to be added back).

@lmazuel is the verify=False option exposed somewhere globally on msrestazure or elsewhere that we could set it? I'm not opposed to adding support for that in the Ansible modules if so, but in both of these cases it seems like just a configuration/cert trust issue on the Ansible host that should be easily resolved (and much more secure than just ignoring cert validation)

@nitzmahone Yes, there is even two solutions:

• Add the keyword argument verify=False when creating UserPassCredentials or ServicePrincipalCredentials (only these twos).
• Use a session callback:

def verify_false_callback(session, global_config, local_config, **kwargs):
    session.verify=False
client.config.session_configuration_callback = verify_false_callback

This last one is available everywhere, whatever the authentication class used. msrest >=0.4.15

@nitzmahone I have tried the first solution and this doesn't seem to work.

My scenario is slightly different in that I am using Azure Stack rather than Azure proper but I imagine there are a lot of similarities.

In my scenario we are querying the metadata endpoint which calls a method (_populate_from_metadata_endpoint) in msrestazure/azure_cloud.py. This appears to be hardcoded to not pass verify=False to retrieve the endpoints. Editing this to pass this verify=False gets Ansible running.

Thanks @charliejllewellyn ! That's an excellent point. I created an issue for msrestazure, and created an issue in the Azure CLI as well (since they don't know but they have the same issue as Ansible)

Could you try:

• Update to msrestazure 0.4.18
• Download the certificate: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-cli-admin
• Set the REQUESTS_CA_BUNDLE env variable to it: http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification

@lmazuel Thanks for looking at this so quickly :) You cannot specify only the self-signed cert as this overrides the OS CA bundle causing the auth request to login.microsoft.com. This is because the official MS cert is not available. However adding this cert to the OS CA bundle and then referencing that works so thanks!

Hi @charliejllewellyn ! Thanks for the feedback. May I ask you to detail how you "adding this cert to the OS CA bundle", just to have clear answer to this thread? Especially, it's probably different on Windows/MacOSX/Ubuntu, and I'd be curious myself to see your exact scenario. Thanks!

np :)

I'm using Docker with a default Centos image "library/centos". The bit that does the cert is as follows:

 yum install ca-certificates -y
update-ca-trust force-enable
cp /path/to/azurestack.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Hi @charliejllewellyn . I am new to this. My use case is I am trying to connect to Azure from my CentOS linux machine. Getting SSL Certificate issue.
As part of your above comments can you please help me how to extract azurestack.pem certificate ?

Hi @mahaboob are you trying to connect to Azure or Azure Stack?

At any case, if you can access the URL to whichever portal you want to get your cert from. Export it from the browser.

Hoping you have access to some Windows PC... Import the exported cert to your Local Machine Certificates:

Then from PowerShell run:

Change SubjectNameOfYourCertificate

    cd cert:\localmachine\my
    dir | Where-Object {$_.subject -like "*<SubjectNameOfYourCertificate>*"} |export-Certificate -filepath "C:\Windows\Temp\azurestack.cer" -type CERT -NoClobber
    certutil -encode "C:\Windows\Temp\azurestack.cer" "C:\Windows\Temp\azurestack-physical.cer"
    openssl x509 -in "C:\Windows\Temp\azurestack-physical.cer" -out "C:\Windows\Temp\azurestack-physical.pem" -outform PEM

Then you can verify your pem:

or run from PowerShell:

openssl x509 -in "C:\Windows\Temp\azurestack-physical.pem" -text -noout


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:cc:00:98:3b:6e:5d:a7:4f:f6:5d:29:3d:3c:0a:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AzureStackSelfSignedRootCert
        Validity
            Not Before: Jun 11 16:17:09 2018 GMT
            Not After : Jun 11 16:37:09 2019 GMT
        Subject: CN=AzureStackSelfSignedRootCert
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:8d:e7:f3:bf:a3:4e:99:a6:ce:d0:bc:8a:f9:c8:
                    d3:4c:e1:6a:0f:6c:ef:99:8e:ec:fd:a3:b2:66:0c:
                    6d:6f:e5:28:a2:aa:f4:14:a9:97:3e:28:d7:82:0f:
                    ec:6e:4c:7c:f2:91:68:ad:3e:25:75:fa:be:26:0a:
                    f9:eb:28:a9:16:c8:15:c7:8f:81:4e:ec:fb:17:97:
                    9a:8a:e7:f9:f8:17:02:e7:4d:18:ce:88:8e:98:8b:
                    e4:47:84:a8:8d:68:9e:af:a7:73:d0:f4:48:57:6e:
                    a4:a6:f0:83:07:fe:44:15:5d:c7:78:a7:7e:35:62:
                    74:17:2e:25:79:54:fe:98:77:ae:59:28:b4:43:a5:
                    52:74:f0:83:1b:dd:ed:4a:f3:ba:d4:64:94:88:d4:
                    65:13:78:42:87:2e:93:42:f4:c6:22:92:cd:13:7e:
                    c7:20:0f:25:40:bb:cf:3d:61:6f:a9:cd:f5:1e:25:
                    ac:2b:e8:31:6b:54:53:4b:3e:91:11:5e:84:f9:9d:
                    32:e6:05:23:fa:2e:a8:cf:76:69:a8:96:be:77:23:
                    2d:ad:48:8c:60:b5:14:c2:86:10:a8:8c:54:db:6d:
                    96:6c:9b:54:45:01:89:d0:d0:95:ed:76:e1:35:cc:
                    3f:b5:02:02:48:e8:68:8b:25:08:48:93:1b:89:29:
                    9c:ac:f9:2f:8a:ea:27:81:e7:f4:db:a2:58:a4:b8:
                    f5:bb:f1:97:b8:a6:eb:60:8f:da:76:fb:2d:bf:ca:
                    15:90:2a:89:79:09:b1:1a:80:54:38:33:84:82:36:
                    36:24:e7:72:26:e8:0e:f5:f3:26:57:14:ea:fc:41:
                    9f:01:59:61:b9:dc:3f:96:1e:63:cf:b6:19:72:5e:
                    78:d9:f4:74:ad:e2:be:dd:a9:a4:7e:6f:76:79:f6:
                    f0:b1:98:25:72:4d:19:21:19:fb:2f:01:a5:a1:ba:
                    2b:5f:30:6b:4c:d9:ef:94:eb:ac:78:bc:01:7f:5e:
                    dd:6f:de:bd:ad:e8:96:de:2d:77:6a:79:3d:f3:5f:
                    64:b6:62:8c:67:a9:14:62:f9:23:55:f1:5a:4e:58:
                    c2:6c:2c:15:51:01:9a:73:fa:b6:65:3b:76:1f:a1:
                    db:c0:41:af:e9:0c:57:9f:ad:0f:06:df:b5:77:5d:
                    19:5a:7c:55:9f:39:d4:0d:9e:03:30:75:70:79:8a:
                    eb:b8:5c:6c:c2:45:c2:89:f8:38:12:d6:65:68:51:
                    26:99:e0:58:39:47:4c:a3:82:51:d0:5e:ad:95:fd:
                    cc:ab:df:f8:b9:71:9e:68:7b:00:0c:64:ed:da:6d:
                    84:21:89:d4:a9:e6:9d:ac:a0:8c:44:b8:3e:fd:46:
                    28:db:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:local.azurestack.external
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:3
            X509v3 Subject Key Identifier:
                89:38:E1:B0:61:47:FC:4D:A9:F9:8B:C5:49:F0:72:E8:85:7F:11:C9
    Signature Algorithm: sha256WithRSAEncryption
         73:53:7e:51:cd:33:8d:bf:58:af:d4:59:76:b3:e8:0d:bf:8e:
         0a:c7:1b:1d:21:4f:2d:e0:58:3d:c9:c7:9a:a2:58:e0:65:92:
         04:71:ac:5f:3c:b2:fa:01:cf:1a:90:d0:2d:0a:04:be:ac:28:
         9c:f6:80:3a:a6:b7:fe:a0:54:5f:e5:98:15:ae:dd:0b:6e:ae:
         85:9e:80:c0:7b:2e:3c:31:39:b8:32:ce:c4:81:50:49:d0:ac:
         87:fd:aa:9f:d2:58:29:3f:26:d1:e7:bb:62:7d:77:f0:02:f7:
         34:dd:b5:f2:34:09:13:49:84:1a:5b:40:08:58:95:98:17:1d:
         4a:3f:2d:09:cf:60:be:69:74:ca:5f:53:60:13:60:45:5f:8e:
         d4:05:84:ca:22:b1:6b:f9:68:44:21:26:53:2d:0d:7f:4c:a3:
         6e:6d:f9:da:5f:73:23:a5:4b:1c:c0:3c:aa:70:e8:f5:93:9c:
         b5:df:41:b9:ad:b1:c6:2b:34:34:3e:63:62:c5:c2:7b:7d:82:
         22:4a:c2:8e:e4:34:ba:fb:8a:17:ad:5e:67:84:c9:8e:44:fe:
         8b:b5:d7:6e:2e:28:85:39:e8:6a:d0:1d:f2:bb:26:f1:3e:a3:
         51:cd:3d:07:80:e5:3f:9c:00:01:ea:37:79:1f:b8:65:db:51:
         68:3d:ff:ee:99:d5:db:22:0e:41:fa:fa:79:16:ab:63:6c:74:
         8d:2e:c2:fa:10:e5:38:ed:13:fd:bb:5d:a7:83:d4:ee:c9:df:
         65:66:d7:83:2c:c8:35:2a:68:22:e6:da:e5:fd:f0:f2:a1:7e:
         ab:c5:03:89:75:0c:59:cc:40:45:8f:37:23:7c:f0:aa:a8:c0:
         d7:87:c4:d1:c1:48:69:d1:0d:93:e3:69:a9:db:6d:9e:0e:31:
         92:e6:c2:b7:e1:fb:c0:8b:08:e4:e8:36:5f:3c:1e:b2:5c:ce:
         56:98:07:6e:10:88:b9:46:18:3c:7b:bb:05:7a:74:ab:0a:b2:
         4d:b7:c1:55:90:2f:13:bb:67:4c:61:61:6c:c0:ea:e9:c9:18:
         a4:10:0c:60:4b:0f:a4:ab:17:79:1a:f6:c0:c4:bb:66:1c:72:
         8a:49:ee:98:11:c5:b8:2a:a5:82:b3:a7:81:08:2c:fe:8d:eb:
         d7:d5:41:61:3f:c4:1d:6c:72:a7:ba:cd:6b:ae:b1:f2:f9:aa:
         67:c2:6d:d8:eb:47:2e:d6:4e:a6:bb:28:26:ad:e3:06:36:08:
         94:18:4c:a7:d0:74:48:2c:86:4e:8e:6f:b0:39:ce:8b:8b:0d:
         c2:5d:13:2e:c4:0a:ed:aa:f6:10:32:58:7c:6a:9a:37:dc:4d:
         94:14:b9:32:c6:54:2e:21

Does that help?

Could you try:

• Update to msrestazure 0.4.18
• Download the certificate: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-cli-admin
• Set the REQUESTS_CA_BUNDLE env variable to it: http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification

Any hints how to get the certificate on CentOS? Think I run into a similar error when running ansible-playbook rg.yml from the example of microsoft https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ansible-install-configure

fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "From cffi callback <function _verify_callback at 0x7fa6b91c1c08>:\nTraceback (most recent call last):\n File \"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 309, in wrapper\n _lib.X509_up_ref(x509)\nAttributeError: 'module' object has no attribute 'X509_up_ref'\nTraceback (most recent call last):\n File \"/home/user/.ansible/tmp/ansible-tmp-1540979182.9-35496095147721/AnsiballZ_azure_rm_resourcegroup.py\", line 113, in <module>\n _ansiballz_main()\n File \"/home/user/.ansible/tmp/ansible-tmp-1540979182.9-35496095147721/AnsiballZ_azure_rm_resourcegroup.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/user/.ansible/tmp/ansible-tmp-1540979182.9-35496095147721/AnsiballZ_azure_rm_resourcegroup.py\", line 48, in invoke_module\n imp.load_module('__main__', mod, module, MOD_DESC)\n File \"/tmp/ansible_azure_rm_resourcegroup_payload_2wWgRU/__main__.py\", line 256, in <module>\n \n File \"/tmp/ansible_azure_rm_resourcegroup_payload_2wWgRU/__main__.py\", line 252, in main\n \n File \"/tmp/ansible_azure_rm_resourcegroup_payload_2wWgRU/__main__.py\", line 136, in __init__\n \n File \"/tmp/ansible_azure_rm_resourcegroup_payload_2wWgRU/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 301, in __init__\n File \"/tmp/ansible_azure_rm_resourcegroup_payload_2wWgRU/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 1021, in __init__\n File \"build/bdist.linux-x86_64/egg/msrestazure/azure_active_directory.py\", line 453, in __init__\n File \"build/bdist.linux-x86_64/egg/msrestazure/azure_active_directory.py\", line 480, in set_token\n File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\", line 48, in raise_with_traceback\n raise error\nmsrest.exceptions.AuthenticationError: , SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /TENANTID/oauth2/token (Caused by SSLError(SSLError(\"bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Same here. Following this tutorial on Centos 7.5 x64 and ansible 2.7.1
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ansible-install-configure

Error:
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "From cffi callback <function _verify_callback at 0x7f2e72f77320>:\nTraceback (most recent call last):\n File \"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 309, in wrapper\n _lib.X509_up_ref(x509)\nAttributeError: 'module' object has no attribute 'X509_up_ref'\nTraceback (most recent call last):\n File \"<stdin>\", line 113, in <module>\n File \"<stdin>\", line 105, in _ansiballz_main\n File \"<stdin>\", line 48, in invoke_module\n File \"/tmp/ansible_azure_rm_resourcegroup_payload_Z3f5cW/__main__.py\", line 256, in <module>\n File \"/tmp/ansible_azure_rm_resourcegroup_payload_Z3f5cW/__main__.py\", line 252, in main\n File \"/tmp/ansible_azure_rm_resourcegroup_payload_Z3f5cW/__main__.py\", line 136, in __init__\n File \"/tmp/ansible_azure_rm_resourcegroup_payload_Z3f5cW/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 301, in __init__\n File \"/tmp/ansible_azure_rm_resourcegroup_payload_Z3f5cW/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 1021, in __init__\n File \"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", line 453, in __init__\n self.set_token()\n File \"/usr/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", line 480, in set_token\n raise_with_traceback(AuthenticationError, \"\", err)\n File \"/usr/lib/python2.7/site-packages/msrest/exceptions.py\", line 48, in raise_with_traceback\n raise error\nmsrest.exceptions.AuthenticationError: , SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx/oauth2/token (Caused by SSLError(SSLError(\"bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Output of:
sudo pip install ansible[azure]

Requirement already satisfied: ansible[azure] in /usr/lib/python2.7/site-packages (2.7.1)
Requirement already satisfied: jinja2 in /usr/lib/python2.7/site-packages (from ansible[azure]) (2.7.2)
Requirement already satisfied: PyYAML in /usr/lib64/python2.7/site-packages (from ansible[azure]) (3.10)
Requirement already satisfied: paramiko in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.16.1)
Requirement already satisfied: cryptography in /usr/lib64/python2.7/site-packages (from ansible[azure]) (2.2.2)
Requirement already satisfied: setuptools in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.9.8)
Requirement already satisfied: packaging in /usr/lib/python2.7/site-packages (from ansible[azure]) (18.0)
Requirement already satisfied: requests[security] in /usr/lib/python2.7/site-packages (from ansible[azure]) (2.18.4)
Requirement already satisfied: azure-cli-core==2.0.35 in /usr/lib/python2.7/site-packages (from ansible[azure]) (2.0.35)
Requirement already satisfied: azure-cli-nspkg==3.0.2 in /usr/lib/python2.7/site-packages (from ansible[azure]) (3.0.2)
Requirement already satisfied: azure-common==1.1.11 in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.1.11)
Requirement already satisfied: azure-mgmt-batch==4.1.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (4.1.0)
Requirement already satisfied: azure-mgmt-compute==2.1.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (2.1.0)
Requirement already satisfied: azure-mgmt-containerinstance==0.4.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.4.0)
Requirement already satisfied: azure-mgmt-containerregistry==2.0.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (2.0.0)
Requirement already satisfied: azure-mgmt-containerservice==3.0.1 in /usr/lib/python2.7/site-packages (from ansible[azure]) (3.0.1)
Requirement already satisfied: azure-mgmt-dns==1.2.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.2.0)
Requirement already satisfied: azure-mgmt-keyvault==0.40.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.40.0)
Requirement already satisfied: azure-mgmt-marketplaceordering==0.1.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.1.0)
Requirement already satisfied: azure-mgmt-monitor==0.5.2 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.5.2)
Requirement already satisfied: azure-mgmt-network==1.7.1 in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.7.1)
Requirement already satisfied: azure-mgmt-nspkg==2.0.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (2.0.0)
Requirement already satisfied: azure-mgmt-rdbms==1.2.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.2.0)
Requirement already satisfied: azure-mgmt-resource==1.2.2 in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.2.2)
Requirement already satisfied: azure-mgmt-sql==0.7.1 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.7.1)
Requirement already satisfied: azure-mgmt-storage==1.5.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.5.0)
Requirement already satisfied: azure-mgmt-trafficmanager==0.50.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.50.0)
Requirement already satisfied: azure-mgmt-web==0.32.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.32.0)
Requirement already satisfied: azure-nspkg==2.0.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (2.0.0)
Requirement already satisfied: azure-storage==0.35.1 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.35.1)
Requirement already satisfied: msrest==0.4.29 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.4.29)
Requirement already satisfied: msrestazure==0.4.31 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.4.31)
Requirement already satisfied: azure-keyvault==1.0.0a1 in /usr/lib/python2.7/site-packages (from ansible[azure]) (1.0.0a1)
Requirement already satisfied: azure-graphrbac==0.40.0 in /usr/lib/python2.7/site-packages (from ansible[azure]) (0.40.0)
Requirement already satisfied: markupsafe in /usr/lib64/python2.7/site-packages (from jinja2->ansible[azure]) (0.11)
Requirement already satisfied: pycrypto!=2.4,>=2.1 in /usr/lib64/python2.7/site-packages (from paramiko->ansible[azure]) (2.6.1)
Requirement already satisfied: ecdsa>=0.11 in /usr/lib/python2.7/site-packages (from paramiko->ansible[azure]) (0.13)
Requirement already satisfied: idna>=2.1 in /usr/lib/python2.7/site-packages (from cryptography->ansible[azure]) (2.6)
Requirement already satisfied: cffi>=1.7; platform_python_implementation != "PyPy" in /usr/lib64/python2.7/site-packages (from cryptography->ansible[azure]) (1.11.5)
Requirement already satisfied: enum34; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography->ansible[azure]) (1.1.6)
Requirement already satisfied: six>=1.4.1 in /usr/lib/python2.7/site-packages (from cryptography->ansible[azure]) (1.9.0)
Requirement already satisfied: asn1crypto>=0.21.0 in /usr/lib/python2.7/site-packages (from cryptography->ansible[azure]) (0.24.0)
Requirement already satisfied: ipaddress; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography->ansible[azure]) (1.0.22)
Requirement already satisfied: pyparsing>=2.0.2 in /usr/lib/python2.7/site-packages (from packaging->ansible[azure]) (2.3.0)
Requirement already satisfied: urllib3<1.23,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests[security]->ansible[azure]) (1.22)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests[security]->ansible[azure]) (3.0.4)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests[security]->ansible[azure]) (2018.4.16)
Requirement already satisfied: pyOpenSSL>=0.14; extra == "security" in /usr/lib/python2.7/site-packages (from requests[security]->ansible[azure]) (18.0.0)
Requirement already satisfied: argcomplete>=1.8.0 in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (1.9.4)
Requirement already satisfied: colorama>=0.3.9 in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (0.4.0)
Requirement already satisfied: knack==0.3.3 in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (0.3.3)
Requirement already satisfied: tabulate<=0.8.2,>=0.7.7 in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (0.8.2)
Requirement already satisfied: wheel==0.30.0 in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (0.30.0)
Requirement already satisfied: pygments in /usr/lib64/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (2.2.0)
Requirement already satisfied: PyJWT in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (1.6.4)
Requirement already satisfied: jmespath in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (0.9.0)
Requirement already satisfied: applicationinsights>=0.11.1 in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (0.11.7)
Requirement already satisfied: humanfriendly>=4.7 in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (4.17)
Requirement already satisfied: pip in /usr/lib/python2.7/site-packages (from azure-cli-core==2.0.35->ansible[azure]) (18.1)
Requirement already satisfied: python-dateutil in /usr/lib/python2.7/site-packages (from azure-storage==0.35.1->ansible[azure]) (2.7.5)
Requirement already satisfied: isodate>=0.6.0 in /usr/lib/python2.7/site-packages (from msrest==0.4.29->ansible[azure]) (0.6.0)
Requirement already satisfied: requests-oauthlib>=0.5.0 in /usr/lib/python2.7/site-packages (from msrest==0.4.29->ansible[azure]) (1.0.0)
Requirement already satisfied: adal<2.0.0,>=0.5.0 in /usr/lib/python2.7/site-packages (from msrestazure==0.4.31->ansible[azure]) (1.2.0)
Requirement already satisfied: keyring>=12.0.2 in /usr/lib/python2.7/site-packages (from msrestazure==0.4.31->ansible[azure]) (16.0.0)
Requirement already satisfied: pycparser in /usr/lib/python2.7/site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography->ansible[azure]) (2.18)
Requirement already satisfied: monotonic; python_version == "2.6" or python_version == "2.7" or python_version == "3.0" or python_version == "3.1" or python_version == "3.2" in /usr/lib/python2.7/site-packages (from humanfriendly>=4.7->azure-cli-core==2.0.35->ansible[azure]) (1.5)
Requirement already satisfied: oauthlib>=0.6.2 in /usr/lib/python2.7/site-packages (from requests-oauthlib>=0.5.0->msrest==0.4.29->ansible[azure]) (2.1.0)
Requirement already satisfied: entrypoints in /usr/lib/python2.7/site-packages (from keyring>=12.0.2->msrestazure==0.4.31->ansible[azure]) (0.2.3)
Requirement already satisfied: secretstorage<3; (sys_platform == "linux2" or sys_platform == "linux") and python_version < "3.5" in /usr/lib/python2.7/site-packages (from keyring>=12.0.2->msrestazure==0.4.31->ansible[azure]) (2.3.1)
Requirement already satisfied: configparser>=3.5; python_version == "2.7" in /usr/lib/python2.7/site-packages (from entrypoints->keyring>=12.0.2->msrestazure==0.4.31->ansible[azure]) (3.5.0)