On Tue, May 21, 2024 at 09:04:23PM +0200, Michal Arbet wrote:
:Btw, did you follow docs ?
been reading
https://docs.openstack.org/kolla-ansible/2023.2/admin/tls.html
I'm a bit unclear which sections apply with letsencrypt info and which
it replaces (probably the config snip I sent will show my possibly
flawed understanding).
-Jon
:Michal Arbet
:Openstack Engineer
:
:Ultimum Technologies a.s.
:Na Poříčí 1047/26, 11000 Praha 1
:Czech Republic
:
:+420 604 228 897
:michal.arbet@ultimum.io
:*https://ultimum.io <
https://ultimum.io/>*
:
:LinkedIn <
https://www.linkedin.com/company/ultimum-technologies> | Twitter
:<
https://twitter.com/ultimumtech> | Facebook
:<
https://www.facebook.com/ultimumtechnologies/timeline>
:
:
:út 21. 5. 2024 v 21:03 odesílatel Michal Arbet <michal.arbet@ultimum.io>
:napsal:
:
:> Hi,
:>
:> Can u send me content of /etc/kolla ?
:>
:> And also config in globals regarding tls ?
:>
:> Kevko
:> Michal Arbet
:> Openstack Engineer
:>
:> Ultimum Technologies a.s.
:> Na Poříčí 1047/26, 11000 Praha 1
:> Czech Republic
:>
:> +420 604 228 897
:> michal.arbet@ultimum.io
:> *https://ultimum.io <
https://ultimum.io/>*
:>
:> LinkedIn <
https://www.linkedin.com/company/ultimum-technologies> | Twitter
:> <
https://twitter.com/ultimumtech> | Facebook
:> <
https://www.facebook.com/ultimumtechnologies/timeline>
:>
:>
:> po 20. 5. 2024 v 22:23 odesílatel Jonathan Proulx <jon@csail.mit.edu>
:> napsal:
:>
:>> On Mon, May 20, 2024 at 01:44:24PM -0400, Jonathan Proulx wrote:
:>> :Hi All,
:>> :
:>> :I'm trying to do a test multinode deploy using 2023.2
:>> :
:>> :I have letsencrypt_webserver and letsencrypt_lego contsainers running
:>> :and I'm seeing random traffic in the
:>> :/var/log/kolla/letsencrypt/letsencrypt-webserver-access.log so fairly
:>> :confident they're plumbed through to the public internet properly, but
:>> :I don't seem to be getting certificates.
:>> :
:>> :how can I trigger a renewal attempt so I can maybe see what I've
:>> :screwed up?
:>>
:>> Of course as soon as I ask I find the answer and more questions.
:>>
:>> `exec`ing the /usr/bin/letsencrypt-certificates line from
:>> `/usr/local/bin/letsencrypt-lego-run.sh` in the letsencrypt_lego
:>> container does get a letsencrypt cert into th haproxy container as
:>> `/etc/haproxy/certificates/haproxy-internal.pem` however there's also
:>> a `/etc/haproxy/certificates/haproxy.pem` that is self-signed.
:>>
:>>
:>> What my `kolla-ansible deploy` is actually dying on is currently:
:>>
:>> fatal: [control0]: FAILED! => {"msg": "An unhandled exception occurred
:>> while templating '{{ lookup('first_found', certs) }}'. Error was a <class
:>> 'ansible.errors.AnsibleLookupError'>, original message: No file was found
:>> when using first_found."}
:>>
:>> so perhaps there's something I need ot turn "off" in `globals.yml`?
:>>
:>>
:>> --
:>> Jonathan Proulx (he/him)
:>> Sr. Technical Architect
:>> The Infrastructure Group
:>> MIT CSAIL
:>>
:>
--
Jonathan Proulx (he/him)
Sr. Technical Architect
The Infrastructure Group
MIT CSAIL