hitachienergy / epiphany

Cloud and on-premises automation for Kubernetes centered industrial grade solutions.
Apache License 2.0
138 stars 107 forks

[BUG] [v2.0] OpenSearch admin certificate expired #3306

Closed przemyslavic closed 1 year ago

przemyslavic commented 1 year ago

Describe the bug

OpenSearch installation fails trying to generate admin certificate with the following error: "The not valid after date must be after the not valid before." This is because the ownca_not_after parameter is set to 20221231235959Z, which is currently a date in the past.

https://github.com/epiphany-platform/epiphany/blob/develop/ansible/playbooks/roles/opensearch/tasks/generate-certs.yml#L111

https://github.com/epiphany-platform/epiphany/blob/develop/ansible/playbooks/roles/opensearch/defaults/main.yml#L44

How to reproduce

Steps to reproduce the behavior:

  1. execute epicli init ... (with params)
  2. edit config file
  3. execute epicli apply ...

Expected behavior

A clear and concise description of what you expected to happen.

Config files

If applicable, add config files to help explain your problem.

Environment

epicli version: [2.0.2]

Additional context

Add any other context about the problem here.


DoD checklist
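The failure mode reported above, as an added example that is not part of the original issue or the project's code: a pre-flight check that classifies a certificate not-after setting before issuance. It assumes not-before is the issuance time and that relative values use the `+365d` / `+32w1d2h` style; the function names and the 30-day threshold are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

UNITS = {"w": "weeks", "d": "days", "h": "hours", "m": "minutes", "s": "seconds"}

def resolve_validity(spec, now):
    """Turn an absolute ASN.1 time (YYYYMMDDHHMMSSZ) or a relative
    spec such as +365d or +32w1d2h into an aware UTC datetime."""
    if re.fullmatch(r"\d{14}Z", spec):
        return datetime.strptime(spec, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    m = re.fullmatch(r"([+-])((?:\d+[wdhms])+)", spec)
    if not m:
        raise ValueError(f"unrecognised validity spec: {spec!r}")
    delta = timedelta()
    for amount, unit in re.findall(r"(\d+)([wdhms])", m.group(2)):
        delta += timedelta(**{UNITS[unit]: int(amount)})
    return now + delta if m.group(1) == "+" else now - delta

def check_not_after(spec, now, min_remaining=timedelta(days=30)):
    """Classify a not-after setting for a certificate issued at `now`
    (assumption: not-before equals the issuance time)."""
    not_after = resolve_validity(spec, now)
    if not_after <= now:
        return "invalid"      # not-after is not later than not-before
    if not_after - now < min_remaining:
        return "short-lived"  # issues today, but expires almost immediately
    return "ok"

if __name__ == "__main__":
    # Date of the failing run taken from the log in this thread.
    run_date = datetime(2023, 1, 17, 14, 53, 20, tzinfo=timezone.utc)
    # Hard-coded absolute date from the issue vs. a relative lifetime.
    for spec in ("20221231235959Z", "+365d"):
        print(spec, "->", check_not_after(spec, run_date))
```

A hard-coded absolute date passes until the day it lapses, then breaks every new installation at once; a relative lifetime is evaluated against the issuance time on each run.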

MurugaAzure commented 1 year ago

Hello Team,

Infra was created successfully on Azure via Epiphany Terraform. Next, Ansible was started for provisioning the cluster on Azure, and it failed.

OS : Linux (ubuntu 20.04)

Error message:

2023-01-17T14:53:19.2707177Z 14:53:19 INFO cli.src.ansible.AnsibleCommand - TASK [opensearch : Generate admin certificate] *
2023-01-17T14:53:20.0145871Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: The not valid after date must be after the not valid before date.
2023-01-17T14:53:20.0167162Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - fatal: [Ass-prod-mt-gulf-cluster-logging-vm-0]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.x.x.x closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File "/home/operations/.ansible/tmp/ansible-tmp-1673967199.3290002-13177-79662590870260/AnsiballZ_x509_certificate.py", line 107, in \r\n _ansiballz_main()\r\n File "/home/operations/.ansible/tmp/ansible-tmp-1673967199.3290002-13177-79662590870260/AnsiballZ_x509_certificate.py", line 99, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File "/home/operations/.ansible/tmp/ansible-tmp-1673967199.3290002-13177-79662590870260/AnsiballZ_x509_certificate.py", line 47, in invoke_module\r\n runpy.run_module(mod_name='ansible_collections.community.crypto.plugins.modules.x509_certificate', init_globals=dict(_module_fqn='ansible_collections.community.crypto.plugins.modules.x509_certificate', _modlib_path=modlib_path),\r\n File "/usr/lib/python3.8/runpy.py", line 207, in run_module\r\n return _run_module_code(code, init_globals, run_name, mod_spec)\r\n File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code\r\n _run_code(code, mod_globals, init_globals,\r\n File "/usr/lib/python3.8/runpy.py", line 87, in _run_code\r\n exec(code, run_globals)\r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 413, in \r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 404, in main\r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 328, in generate\r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/module_utils/crypto/module_backends/certificate_ownca.py", line 125, in generate_certificate\r\n File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 552, in not_valid_after\r\n raise ValueError(\r\nValueError: The not valid after date must be after the not valid before date.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
2023-01-17T14:53:20.0245139Z 14:53:20 INFO cli.src.ansible.AnsibleCommand -
2023-01-17T14:53:20.0246529Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - PLAY RECAP *****
2023-01-17T14:53:20.0248521Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - Ass-prod-mt-gulf-cluster-logging-vm-0 : ok=30 changed=20 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
2023-01-17T14:53:20.0250040Z 14:53:20 INFO cli.src.ansible.AnsibleCommand -
2023-01-17T14:53:20.1490135Z 14:53:20 INFO cli.src.commands.Apply - Step finished in: 50m 30.43s
2023-01-17T14:53:20.1501168Z 14:53:20 ERROR epicli - Error running: "ansible-playbook -i /shared/build/prod-mt-gulf-cluster/inventory --vault-password-file /home/epiuser/.epicli/vault.cfg /shared/build/prod-mt-gulf-cluster/ansible/logging.yml"
2023-01-17T14:53:21.8814650Z 14:53:21 INFO dump_debug_info - Error dump has been written to: /shared/epicli_error_20230117-145320.dump
2023-01-17T14:53:21.8816413Z 14:53:21 WARNING dump_debug_info - This dump might contain sensitive information. Check before sharing.
2023-01-17T14:53:21.8840524Z 14:53:21 INFO run_time - Total run time: 50m 32.17s
2023-01-17T14:53:21.9620599Z ##[error]Bash exited with code '1'.
2023-01-17T14:53:21.9643824Z ##[section]Finishing: Execute the yaml file skipping the infra

przemyslavic commented 1 year ago

Hi @MurugaAzure, as already replied here, this has already been fixed in v2.0.3.