From 2c42e57510a334e717536fb82317b4f0213509fa Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Fri, 5 Apr 2024 10:34:26 -0700 Subject: [PATCH] Add more LE debugging info to our Ansible role Adding the information about which host we were checking for certcheck did help in debugging. It pointed out that a specific host was at fault (nb02 in this case though it could change over time) and further investigation of this host showed acme.sh was not running there at all due to earlier failures. Rather than the playbook ending at that point it continued to run until building the certcheck list and then had a fatal error leading to the confusion. Add a breadcrumb comment to the Ansible role to help point this behavior out in the future. Change-Id: Ib607665d75eb666d19c8508346eb217783b98eb5 --- .../tasks/build_le_domain_list.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml b/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml index 4abdd02a87..0fa3092850 100644 --- a/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml +++ b/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml @@ -3,6 +3,11 @@ # record the value of our loopvar when failing an iteration (it does when # the loop iteration succeeds) so we don't know where it is breaking. Add # our own debugging here to work around this problem. +# +# The error described above may occur if LE fails on the host we are +# checking domains for. Ansible will stop on that host which doesn't build +# the necessary datastructures. Then when we try to set up certcheck we +# fail again in a more eye catching manner. - name: Record host being looked up for le certcheck domains debug: msg: "Checking domains for {{ inv_hostname }}"
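Review bot: The added comment block above the "Record host being looked up for le certcheck domains" task says why the certcheck step fails, but not what the reader should do next. Consider adding one line that tells them to take the host named in the "Checking domains for {{ inv_hostname }}" debug message and look for the earlier LE failure on that host, since the commit message says that is how the acme.sh problem was found. The comment also does not name the data structures that are left unbuilt; naming the variable this file reads for each host would make the breadcrumb searchable. Because the change is comment-only, the run will still end in the later, misleading fatal error; a follow-up that fails this loop iteration with an explicit message when the host's data is missing would point at the root cause directly. Minor wording: "datastructures" should be "data structures" and "eye catching" should be "eye-catching".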