Browse Source

bind test: setup bind before icinga

and don't monitor external-host. Error was:

    TASK [letsencrypt-nginx : call let's encrypt on icinga.g4ytcmbxgy2tinjrbi.test.enough.community] ***
    fatal: [icinga-host]: FAILED! => {
        "changed": true,
        "cmd": [
          "certbot", "-n", "--agree-tos", "--email", "icingaadmins@g4ytcmbxgy2tinjrbi.test.enough.community", "-d",
          "icinga.g4ytcmbxgy2tinjrbi.test.enough.community", "--authenticator", "standalone", "--installer", "nginx",
          "--pre-hook", "systemctl stop nginx", "--post-hook", "systemctl start nginx", "--redirect", "--test-cert"
        ],
        "failed": true,
        "msg": "non-zero return code",
        "rc": 1,
        "stderr_lines": [
            "Saving debug log to /var/log/letsencrypt/letsencrypt.log",
            "Running pre-hook command: systemctl stop nginx",
            "Obtaining a new certificate",
            "Performing the following challenges:",
            "http-01 challenge for icinga.g4ytcmbxgy2tinjrbi.test.enough.community",
            "Waiting for verification...",
            "Cleaning up challenges",
            "Running post-hook command: systemctl start nginx",
            "Failed authorization procedure. icinga.g4ytcmbxgy2tinjrbi.test.enough.community (http-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up A for icinga.g4ytcmbxgy2tinjrbi.test.enough.community"
        ],
        "stdout_lines": [
            "IMPORTANT NOTES:",
            " - If you lose your account credentials, you can recover through",
            "   e-mails sent to",
            "   icingaadmins@g4ytcmbxgy2tinjrbi.test.enough.community.",
            " - The following errors were reported by the server:",
            "",
            "   Domain: icinga.g4ytcmbxgy2tinjrbi.test.enough.community",
            "   Type:   None",
            "   Detail: DNS problem: SERVFAIL looking up A for",
            "   icinga.g4ytcmbxgy2tinjrbi.test.enough.community",
            " - Your account credentials have been saved in your Certbot",
            "   configuration directory at /etc/letsencrypt. You should make a",
            "   secure backup of this folder now. This configuration directory will",
            "   also contain certificates and private keys obtained by Certbot so",
            "   making regular backups of this folder is ideal."
        ],
        [...]
    }
keep-around/f96c97389108d713159447382effcec4c7108e36
Pierre-Louis Bonicoli 3 years ago
parent
commit
f96c973891
No known key found for this signature in database GPG Key ID: ADC2651DDACD3538
  1. 2
      inventory/host_vars/external-host/disable-monitoring.yml
  2. 4
      molecule/bind/playbook.yml

2
inventory/host_vars/external-host/disable-monitoring.yml

@ -0,0 +1,2 @@
---
not_monitored: True

4
molecule/bind/playbook.yml

@ -3,10 +3,10 @@
- import_playbook: ../misc/history-playbook.yml
- import_playbook: ../misc/sexy-debian-playbook.yml
- import_playbook: ../misc/sshd-playbook.yml
- import_playbook: ../icinga/icinga-playbook.yml
- import_playbook: ../icinga/test-icinga-playbook.yml
- import_playbook: bind-playbook.yml
- import_playbook: bind-client-playbook.yml
- import_playbook: ../icinga/icinga-playbook.yml
- import_playbook: ../icinga/test-icinga-playbook.yml
- import_playbook: bind-monitoring-playbook.yml
- import_playbook: test-bind-client-playbook.yml

Loading…
Cancel
Save