Skip to content

add ssl_domains and host_vars for data1.htz-fsn.prod.ooni.io#435

Merged
aagbsn merged 2 commits into
mainfrom
add_data1_host_vars
May 26, 2026
Merged

add ssl_domains and host_vars for data1.htz-fsn.prod.ooni.io#435
aagbsn merged 2 commits into
mainfrom
add_data1_host_vars

Conversation

@aagbsn
Copy link
Copy Markdown
Contributor

@aagbsn aagbsn commented May 25, 2026
edited
Loading

deploy-clickhouse.yml included dehydrated which didn't have airflow.prod.ooni.io in ssl_domains (by default it uses inventory_hostname); adding this in host_vars ensures that includes of this module always obtain all the certificates.

@aagbsn
add ssl_domains and host_vars for data1.htz-fsn.prod.ooni.io
affafc4 
deploy-clickhouse.yml included dehydrated which didn't have the
ssl_domains set for airflow.prod.ooni.io; adding this in host_vars
ensures that includes of this module always obtain all the certificates.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 25, 2026
edited
Loading

Ansible Run Output 🤖

Ansible Playbook Recap 🔍

Ansible playbook output 📖success

Show Execution 

$ ansible-playbook playbook.yml --check --diff -i ../tf/modules/ansible_inventory/inventories/inventory-dev.ini
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[ERROR]: the role 'geerlingguy.docker' was not found in /home/runner/work/devops/devops/ansible/roles:/home/runner/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/home/runner/work/devops/devops/ansible
Origin: /home/runner/work/devops/devops/ansible/deploy-testlists.yml:16:7

14         node_exporter_host: "0.0.0.0"
15         node_exporter_options: ""
16     - role: geerlingguy.docker
         ^ column 7
Pusher @aagbsn
Action pull_request
Working Directory
Workflow .github/workflows/check_ansible.yml
Last updated Mon, 25 May 2026 15:17:50 GMT

@aagbsn
fix airflow certificate path in nginx template
957903b 
dehydrated creates certificates in path /var/lib/dehydrated/ {{
ssl_hostname }} which means using {{ inventory_hostname }} picks the
wrong certificate. I'm not sure how this was working before
@aagbsn
Copy link
Copy Markdown
Contributor Author

aagbsn commented May 25, 2026

I also noticed the nginx template for airflow uses {{ inventory_hostname }} to specify the certificate path; dehydrated creates this in a path that uses the certificate hostname; and the deploy-airflow playbook 'hosts' specifies data1.htz-fsn.prod.ooni.nu so I'm not sure how this was working before.

@aagbsn aagbsn merged commit 2999fb9 into main May 26, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LDiazN LDiazN LDiazN approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aagbsn @LDiazN