Add more LE debugging info to our Ansible role

Adding the information about which host we were checking for certcheck did help in debugging. It pointed out that a specific host was at fault (nb02 in this case though it could change over time) and further investigation of this host showed acme.sh was not running there at all due to earlier failures. Rather than the playbook ending at that point it continued to run until building the certcheck list and then had a fatal error leading to the confusion. Add a breadcrumb comment to the Ansible role to help point this behavior out in the future. Change-Id: Ib607665d75eb666d19c8508346eb217783b98eb5
2024-04-05 10:34:26 -07:00 · 2024-04-05 10:34:26 -07:00 · 2c42e57510
commit 2c42e57510
parent 2641e8e6ac
1 changed files with 5 additions and 0 deletions
--- a/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml
+++ b/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml
@ -3,6 +3,11 @@
 # record the value of our loopvar when failing an iteration (it does when
 # the loop iteration succeeds) so we don't know where it is breaking. Add
 # our own debugging here to work around this problem.
+#
+# The error described above may occur if LE fails on the host we are
+# checking domains for. Ansible will stop on that host which doesn't build
+# the necessary datastructures. Then when we try to set up certcheck we
+# fail again in a more eye catching manner.
 - name: Record host being looked up for le certcheck domains
  debug:
    msg: "Checking domains for {{ inv_hostname }}"