Hi,

Can u send me content of /etc/kolla ? 

And also config in globals regarding tls ? 

Kevko
Michal Arbet
Openstack Engineer

Ultimum Technologies a.s.
Na Poříčí 1047/26, 11000 Praha 1
Czech Republic

+420 604 228 897 
michal.arbet@ultimum.io
https://ultimum.io



po 20. 5. 2024 v 22:23 odesílatel Jonathan Proulx <jon@csail.mit.edu> napsal:
On Mon, May 20, 2024 at 01:44:24PM -0400, Jonathan Proulx wrote:
:Hi All,
:
:I'm trying to do a test multinode deploy using 2023.2
:
:I have letsencrypt_webserver and letsencrypt_lego contsainers running
:and I'm seeing random traffic in the
:/var/log/kolla/letsencrypt/letsencrypt-webserver-access.log so fairly
:confident they're plumbed through to the public internet properly, but
:I don't seem to be getting certificates.
:
:how can I trigger a renewal attempt so I can maybe see what I've
:screwed up?

Of course as soon as I ask I find the answer and more questions.

`exec`ing the /usr/bin/letsencrypt-certificates line from
`/usr/local/bin/letsencrypt-lego-run.sh` in the letsencrypt_lego
container does get a letsencrypt cert into th haproxy container as
`/etc/haproxy/certificates/haproxy-internal.pem` however there's also
a `/etc/haproxy/certificates/haproxy.pem` that is self-signed.


What my `kolla-ansible deploy` is actually dying on is currently:

fatal: [control0]: FAILED! => {"msg": "An unhandled exception occurred while templating '{{ lookup('first_found', certs) }}'. Error was a <class 'ansible.errors.AnsibleLookupError'>, original message: No file was found when using first_found."}

so perhaps there's something I need ot turn "off" in `globals.yml`?


--
Jonathan Proulx (he/him)
Sr. Technical Architect
The Infrastructure Group
MIT CSAIL