system-config/playbooks/roles/letsencrypt-install-txt-record
Ian Wienand b742bfc911 letsencrypt-install-txt-record: skip disabled hosts
We are seeing:

  fatal: [adns1.opendev.org]: FAILED! => {"msg": "The task includes an
  option with an undefined variable. The error was:
  'ansible.vars.hostvars.HostVarsVars object' has no attribute
  'acme_txt_required'

I believe this is because we have a disabled mirror host now.  So the
iad.rx.opendev.org mirror is in the "letsencrypt" group, but because
it is also disabled the prior role (letsencrypt-request-certs) has not
run and it has not populated its "acme_txt_required" variable.

We should skip disabled hosts when inspecting the hosts for this
variable.  Add this to the "with_inventory_hostnames" match.

Change-Id: I33a1c8b6f7e8499248e370f69a9f573a2bf106a5
2019-07-01 13:06:57 +10:00
..
tasks letsencrypt-install-txt-record: skip disabled hosts 2019-07-01 13:06:57 +10:00
templates letsencrypt : use date call for serial number 2019-05-22 16:41:51 +10:00
README.rst letsencrypt support 2019-04-02 15:31:41 +11:00

Install authentication records for letsencrypt

Install TXT records to the acme.opendev.org domain. This role runs only on the adns server, and assumes ownership of the /var/lib/bind/zones/acme.opendev.org/zone.db file. After installation the nameserver is refreshed.

After this, letsencrypt-create-certs can run on each host to provision the certificates.

Role Variables

A global dictionary of TXT records to be installed. This is generated in a prior step on each host by the letsencrypt-request-certs role.
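
The failure described in the commit message at the top of this page, sketched as an added example (this is not the role's actual task file): one host in the `letsencrypt` group that never ran letsencrypt-request-certs makes the collection task fail on the adns server, which blocks TXT record installation for every other host. The task names, the `txt_records` fact, the group name `disabled` and the extra `when` guard are assumptions made for illustration; `letsencrypt`, `acme_txt_required` and `with_inventory_hostnames` come from the page.

```yaml
# Added example: tasks fragment for the adns server (names are hypothetical).

# Before: every host in the group is inspected. A host that is also
# disabled skipped letsencrypt-request-certs, so its hostvars have no
# acme_txt_required and templating the loop body fails the whole task.
#
# - name: Collect TXT records from all letsencrypt hosts
#   set_fact:
#     txt_records: "{{ txt_records | default({}) | combine({item: hostvars[item]['acme_txt_required']}) }}"
#   with_inventory_hostnames:
#     - letsencrypt

# After: the inventory pattern "letsencrypt:!disabled" selects hosts that
# are in letsencrypt and not in the (assumed) disabled group.
- name: Collect TXT records from enabled letsencrypt hosts
  set_fact:
    txt_records: "{{ txt_records | default({}) | combine({item: hostvars[item]['acme_txt_required']}) }}"
  with_inventory_hostnames:
    - letsencrypt:!disabled
  # Extra guard, not part of the change described on this page: skip any
  # remaining host whose earlier role run did not set the variable, so one
  # broken host cannot stop record installation for the rest.
  when: hostvars[item]['acme_txt_required'] is defined

# Surface the hosts that were left out, so a missing certificate request
# is visible in the run output instead of being silently ignored.
- name: Report letsencrypt hosts without TXT records
  debug:
    msg: "{{ item }} has no acme_txt_required; no TXT record installed for it"
  with_inventory_hostnames:
    - letsencrypt
  when: hostvars[item]['acme_txt_required'] is not defined
```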