From 475edcbe980181cdfca033c84ea5e39085569ae5 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Mon, 16 Oct 2023 13:08:05 -0700 Subject: [PATCH] Add debugging info to certcheck list building We've seen the certcheck list building loop fail because some host doesn't ahve the appropriate var in its hostvars. Unfortunately ansible logging doesn't record the value of the list iteration item when an iteration fails. It only records this value when it succeeds.... Work around this with our own debugging output. Additionally use a unique loop_var value in case we're hitting some sort of 'item' name collision problem. It is just good practice to avoid 'item' anyway. Change-Id: Ia3ed089187e0b8397413fbb989c44906d56811ae --- .../tasks/build_le_domain_list.yaml | 12 ++++++++++++ .../letsencrypt-config-certcheck/tasks/main.yaml | 7 ++++--- 2 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml diff --git a/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml b/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml new file mode 100644 index 0000000000..4abdd02a87 --- /dev/null +++ b/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml @@ -0,0 +1,12 @@ +# We've seen the lookups of hosts in hostvars below fail to find the +# letsencrypt_certcheck_domains value. For some reason ansible doesn't +# record the value of our loopvar when failing an iteration (it does when +# the loop iteration succeeds) so we don't know where it is breaking. Add +# our own debugging here to work around this problem. +- name: Record host being looked up for le certcheck domains + debug: + msg: "Checking domains for {{ inv_hostname }}" + +- name: Build SSL domain list + set_fact: + letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains + hostvars[inv_hostname]["letsencrypt_certcheck_domains"] }}' diff --git a/playbooks/roles/letsencrypt-config-certcheck/tasks/main.yaml b/playbooks/roles/letsencrypt-config-certcheck/tasks/main.yaml index 3449a87d0e..c99b57ffeb 100644 --- a/playbooks/roles/letsencrypt-config-certcheck/tasks/main.yaml +++ b/playbooks/roles/letsencrypt-config-certcheck/tasks/main.yaml @@ -2,11 +2,12 @@ set_fact: letsencrypt_certcheck_domains: [] -- name: Build SSL domain list - set_fact: - letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains + hostvars[item]["letsencrypt_certcheck_domains"] }}' +- name: Debug build SSL domain list + include_tasks: build_le_domain_list.yaml with_inventory_hostnames: - letsencrypt:!disabled + loop_control: + loop_var: inv_hostname - name: Write configuration file template: