Hi,Can u send me content of /etc/kolla ?And also config in globals regarding tls ?KevkoMichal Arbet
Openstack Engineer
Ultimum Technologies a.s.
Na Poříčí 1047/26, 11000 Praha 1
Czech Republic
+420 604 228 897
michal.arbet@ultimum.io
https://ultimum.iopo 20. 5. 2024 v 22:23 odesílatel Jonathan Proulx <jon@csail.mit.edu> napsal:On Mon, May 20, 2024 at 01:44:24PM -0400, Jonathan Proulx wrote:
:Hi All,
:
:I'm trying to do a test multinode deploy using 2023.2
:
:I have letsencrypt_webserver and letsencrypt_lego contsainers running
:and I'm seeing random traffic in the
:/var/log/kolla/letsencrypt/letsencrypt-webserver-access.log so fairly
:confident they're plumbed through to the public internet properly, but
:I don't seem to be getting certificates.
:
:how can I trigger a renewal attempt so I can maybe see what I've
:screwed up?
Of course as soon as I ask I find the answer and more questions.
`exec`ing the /usr/bin/letsencrypt-certificates line from
`/usr/local/bin/letsencrypt-lego-run.sh` in the letsencrypt_lego
container does get a letsencrypt cert into th haproxy container as
`/etc/haproxy/certificates/haproxy-internal.pem` however there's also
a `/etc/haproxy/certificates/haproxy.pem` that is self-signed.
What my `kolla-ansible deploy` is actually dying on is currently:
fatal: [control0]: FAILED! => {"msg": "An unhandled exception occurred while templating '{{ lookup('first_found', certs) }}'. Error was a <class 'ansible.errors.AnsibleLookupError'>, original message: No file was found when using first_found."}
so perhaps there's something I need ot turn "off" in `globals.yml`?
--
Jonathan Proulx (he/him)
Sr. Technical Architect
The Infrastructure Group
MIT CSAIL