| 2019-03-27 16:10:42 |
James Bagwell |
description |
When using the 'kolla-ansible certificates' command to generate tls certificates, we encounter the following error:
TASK [certificates : Setting permissions on key] *********************************************************************************************************************************************************
Tuesday 26 March 2019 20:29:03 +0000 (0:00:00.620) 0:00:09.874 *********
fatal: [localhost]: FAILED! => {"changed": false, "msg": "file (/etc/kolla/certificatescertificates/private/haproxy.key) is absent, cannot continue", "path": "/etc/kolla/certificatescertificates/private
/haproxy.key", "state": "absent"}
NO MORE HOSTS LEFT ***************************************************************************************************************************************************************************************
to retry, use: --limit @/home/stack/.ansible-retry/certificates.retry
PLAY RECAP ***********************************************************************************************************************************************************************************************
localhost : ok=5 changed=0 unreachable=0 failed=1
Upon inspection of the following file:
cat /usr/share/kolla-ansible/ansible/roles/certificates/defaults/main.yml
---
# Directory on deploy node (localhost) in which certificates are generated.
certificates_dir: "{{ node_config }}/certificates"
It seems as though the "certificates" is not needed as {{ node_config }} is already defined with this path. This leads to a wrong path as seen in the error above:
"/etc/kolla/certificatescertificates/private/haproxy.key"
Removing the certificates directory from the main.yaml and rerunning the 'kolla-ansible certificates' returns successfully now. Tested a deployment using these certificates which also was successful. |
When using the 'kolla-ansible certificates' command to generate tls certificates, we encounter the following error:
TASK [certificates : Setting permissions on key] *********************************************************************************************************************************************************
Tuesday 26 March 2019 20:29:03 +0000 (0:00:00.620) 0:00:09.874 *********
fatal: [localhost]: FAILED! => {"changed": false, "msg": "file (/etc/kolla/certificatescertificates/private/haproxy.key) is absent, cannot continue", "path": "/etc/kolla/certificatescertificates/private
/haproxy.key", "state": "absent"}
NO MORE HOSTS LEFT ***************************************************************************************************************************************************************************************
to retry, use: --limit @/home/stack/.ansible-retry/certificates.retry
PLAY RECAP ***********************************************************************************************************************************************************************************************
localhost : ok=5 changed=0 unreachable=0 failed=1
Upon inspection of the following file:
ansible/roles/certificates/tasks/generate.yml . specifically in the setting permissions on key' task, The 'Setting
permissions on Key' task has a path of '{{ certificates_dir
}}/certificates/private/haproxy.key which is incorrect.
---
# Directory on deploy node (localhost) in which certificates are generated.
certificates_dir: "{{ node_config }}/certificates"
It seems as though the "certificates" is not needed as {{ node_config }} is already defined with this path. This leads to a wrong path as seen in the error above:
"/etc/kolla/certificatescertificates/private/haproxy.key"
Removing the certificates directory from the generate.yaml 'Setting permissions on key' task, and rerunning the 'kolla-ansible certificates' returns successfully now. Tested a deployment using these certificates which also was successful. |
|
