pythonindia / magudi

Salt stack based config for Python India servers
https://in.pycon.org

Update inpycon/init.sls #30

Open ananyo2012 opened 4 years ago

ananyo2012 commented 4 years ago

Since magudi uses letsencrypt live certs, the symlink rules for the old certs can be removed. It gives a warning now while running provision. Relevant code: https://github.com/pythonindia/magudi/blob/6fd3069be580df8c4a3b85bb1e9c216a3d7e2594/salt/roots/inpycon/init.sls#L106-L112

palnabarun commented 4 years ago

What is the exact error?

ananyo2012 commented 4 years ago

----------
          ID: /etc/ssl/in.pycon.org.2016.fullchain.pem
    Function: file.managed
      Result: False
     Comment: Unable to manage file: File or directory does not exist.
     Started: 12:50:06.214218
    Duration: 21.052 ms
     Changes:   
    Warnings: Failed to detect changes to file: Failed to read
              /etc/letsencrypt/live/in.pycon.org-0001/fullchain.pem: No such
              file or directory
----------
          ID: /etc/ssl/in.pycon.org.2016.pvtkey.pem
    Function: file.managed
      Result: False
     Comment: Unable to manage file: File or directory does not exist.
     Started: 12:50:06.235999
    Duration: 5.222 ms
     Changes:   
    Warnings: Failed to detect changes to file: Failed to read
              /etc/letsencrypt/live/in.pycon.org-0001/privkey.pem: No such file
              or directory

palnabarun commented 4 years ago

Cool! I have an idea of why this is erroring.

I moved the old /etc/letsencrypt to /etc/letsencrypt_bkp since the configuration files were messed up.

ananyo2012 commented 4 years ago

Also, you may want to review the SSL logic, since it checks whether SSL is on. In the present context SSL should be on by default, which brings up the question of whether https://github.com/pythonindia/magudi/blob/master/pillar/pycon.sls is required at all.

palnabarun commented 4 years ago

I don't think https://github.com/pythonindia/magudi/blob/master/pillar/pycon.sls is required.

Also, the "if SSL is on" block is also not required. SSL should be on by default.

palnabarun commented 4 years ago

https://github.com/pythonindia/magudi/blob/master/pillar/pycon.sls may be required if we store the certificates in pillar and then reference them.

However, with certbot the certificates are kind of disposable. They even automatically renew.