Update inpycon/init.sls #30

Open
ananyo2012 opened this issue Mar 8, 2020 · 6 comments

@ananyo2012
Contributor

Since magudi uses letsencrypt live certs, the symlink rules for the old certs can be removed. It gives a warning now while running provision. Relevant code:

/etc/ssl/in.pycon.org.2016.fullchain.pem:
  file.managed:
    - contents_pillar: pycon:ssl:cert
/etc/ssl/in.pycon.org.2016.pvtkey.pem:
  file.managed:
    - contents_pillar: pycon:ssl:key

@palnabarun
Member

What is the exact error?

@ananyo2012
Contributor Author

----------
          ID: /etc/ssl/in.pycon.org.2016.fullchain.pem
    Function: file.managed
      Result: False
     Comment: Unable to manage file: File or directory does not exist.
     Started: 12:50:06.214218
    Duration: 21.052 ms
     Changes:   
    Warnings: Failed to detect changes to file: Failed to read
              /etc/letsencrypt/live/in.pycon.org-0001/fullchain.pem: No such
              file or directory
----------
          ID: /etc/ssl/in.pycon.org.2016.pvtkey.pem
    Function: file.managed
      Result: False
     Comment: Unable to manage file: File or directory does not exist.
     Started: 12:50:06.235999
    Duration: 5.222 ms
     Changes:   
    Warnings: Failed to detect changes to file: Failed to read
              /etc/letsencrypt/live/in.pycon.org-0001/privkey.pem: No such file
              or directory

@palnabarun
Member

Cool! I have an idea of why this is erroring.

I moved the old /etc/letsencrypt to /etc/letsencrypt_bkp since the configuration files were messed up.

@ananyo2012
Contributor Author

Also, you may want to review the SSL logic, since it checks whether SSL is on. In the present context SSL should be on by default. Which brings up the point of whether https://github.com/pythonindia/magudi/blob/master/pillar/pycon.sls is required at all.

@palnabarun
Member

I don't think https://github.com/pythonindia/magudi/blob/master/pillar/pycon.sls is required.

Also, the "if SSL is on" block is not required either. SSL should be on by default.

@palnabarun
Member

https://github.com/pythonindia/magudi/blob/master/pillar/pycon.sls may be required if we store the certificates in pillar and then reference them.

However, with certbot the certificates are kind of disposable. They even automatically renew.
