Parallel __letsencrypt_cert inconsistent in finding existing cert #27

New Issue

Closed

opened 2021-11-20 11:24:55 +00:00 by ungleich-gitea · 6 comments

ungleich-gitea commented 2021-11-20 11:24:55 +00:00

Owner

Copy Link

My setup is using __letsencrypt_cert for several domains in my manifest, however the actual working seems to be inconsistent:

Running cdist config -v my.host.name is running fine, it skips the already existing certs.

However, if I try to speed up exectuion by using cdist config -j2 -v my.host.name, half of my certs seem to be missed by the explorers, and __letsencrypt_cert calls certbot even for existing, completely valid certificates, forcing it to reissue certificates). Which in turn causes me to hit the rate-limit.

My setup is using __letsencrypt_cert for several domains in my manifest, however the actual working seems to be inconsistent: Running `cdist config -v my.host.name` is running fine, it skips the already existing certs. However, if I try to speed up exectuion by using `cdist config -j2 -v my.host.name`, half of my certs seem to be missed by the explorers, and `__letsencrypt_cert` calls `certbot` even for existing, completely valid certificates, forcing it to reissue certificates). Which in turn causes me to hit the rate-limit.

ungleich-gitea closed this issue 2021-11-20 11:24:55 +00:00

ungleich-gitea commented 2021-11-20 15:27:28 +00:00

Author

Owner

Copy Link

mentioned in commit a696f3cf00

mentioned in commit a696f3cf0026ec96e4cf7235ee8634391ccfecdb

ungleich-gitea commented 2021-11-20 15:27:29 +00:00

Author

Owner

Copy Link

mentioned in commit 81b426e4e2

mentioned in commit 81b426e4e2976c44898ec5439f1f2394e4ea2dfc

ungleich-gitea commented 2021-11-20 15:27:30 +00:00

Author

Owner

Copy Link

mentioned in merge request !976

mentioned in merge request !976

ungleich-gitea commented 2021-11-20 15:27:32 +00:00

Author

Owner

Copy Link

mentioned in commit 9ba9dceb1a709f47c059d2e21d1e4e5b1b81d00f

mentioned in commit 9ba9dceb1a709f47c059d2e21d1e4e5b1b81d00f

ungleich-gitea commented 2021-11-20 15:27:33 +00:00

Author

Owner

Copy Link

EDIT: missed that the report for #848 already uses this issue as an example of that behaviour being problematic.

Looking at __letsencrypt_cert/explorer/certificate-exists I'm wondering if certbot has issues with locking or something similar and this could have something to do with #848, will try to create a test to reproduce it.

EDIT: missed that the report for #848 already uses this issue as an example of that behaviour being problematic. Looking at [__letsencrypt_cert/explorer/certificate-exists](cdist/conf/type/__letsencrypt_cert/explorer/certificate-exists) I'm wondering if certbot has issues with locking or something similar and this could have something to do with #848, will try to create a test to reproduce it.

ungleich-gitea commented 2021-11-20 15:27:34 +00:00

Author

Owner

Copy Link

@fancsali __letsencrypt_cert is marked as nonparallel.
Can you give more info?
Can you paste your manifest and debug log output?

@fancsali `__letsencrypt_cert` is marked as `nonparallel`. Can you give more info? Can you paste your manifest and debug log output?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

7.0

6.9

py3.10

ander/__package_apt_update_index

haproxy-dualstack

ander/__sed

beta

ander/os_version_debian_sid

evilham-compatibility-fixes

ander/__rsync

__snakeoil_cert

ander/update_readme

__download_improvements

feature/onchange

cleanup/string-formatting

feature/type-relationship-graph

cleanup/ssh-auth-keys-types

__letsencrypt_cert-fix-hooks

bugfix/preos-debug

bugfix/in-script-import

6.8

bugfix/sphinx-docs-build

6.7

cherry-pick-2f433a14

bugfix/make-code-consistent

6.6

regain-py3.2-support

6.5

bugfix/multiple-log-lines

matterbridge

coturn

alpinefix

matrix

new-type/network-interface

feature/process

6.4

feature/info-command

feature/libexec

6.3

preos-plugins-dir-opt

gitlab-ci

6.2

order-dep-fix

6.1

6.0

build/support-pip-from-git

feature/shell-lib

5.1

feature/support-type-deprecation

5.0

feature/python-types

4.11

4.10

shellcheck

4.9

4.8

freebsd-improvements

new-prometheus

key_value-onchange

feature/output_streams

AnotherKamila-patch-1

__letsencrypt_cert-fixes

letsencrypt-cron-fix

4.7

newtype-__letsencrypt_cert

os_explorer_devuan_fix

prometheus-exporter-fixes

daemontools-for-fbsd

type-prometheus-exporter-from-master

prometheus-more-fixes

4.6

4.5

fix-j

steven-backport

4.4

prometheus-fixes

grafana_dashboard

prometheus

daemontools

consul_improvements

feature/trigger

4.3

4.0-pre-not-stable

4.2

4.1

4.0

feature_install_and_preos

3.1

no-dot-cdist

random_dot_cdist

feature_yum_url

feature_files_export

3.0

2.3

2.2

2.1

ssh_callback

2.0

archive_shell_function_approach

1.7

1.6

1.5

1.4

1.3

1.2

1.1

1.0

7.0.0

6.9.8

6.9.7

6.9.6

6.9.5

6.9.4

6.9.3

6.9.2

6.9.1

6.9.0

6.8.0

6.7.0

6.6.0

6.5.6

6.5.5

6.5.4

6.5.3

6.5.2

6.5.1

6.5.0

6.4.0

6.3.0

6.2.0

6.1.1

6.1.0

6.0.4

6.0.3

6.0.2

6.0.1

6.0.0

5.1.3

5.1.2

5.1.1

5.1.0

5.0.2

5.0.1

5.0.0

4.11.1

4.11.0

4.10.11

4.10.10

4.10.9

4.10.8

4.10.7

4.10.6

4.10.5

4.10.4

4.10.3

4.10.2

4.10.1

4.10.0

4.9.1

4.9.0

4.8.4

4.8.3

4.8.2

4.8.1

4.8.0

4.7.3

4.7.2

4.7.1

4.7.0

4.6.1

4.6.0

4.5.0

4.4.4

4.4.3

4.4.2

4.4.1

4.4.0

4.3.2

4.3.1

4.3.0

4.2.2

4.2.1

4.2.0

4.1.0

4.0.0

3.1.13

tn1

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

4.0.0pre3

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

4.0.0pre2

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

4.0.0pre1

3.0.2

3.0.1

3.0.0

2.3.7

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.2.0

2.1.2

2.1.1

2.1.0

2.1.0pre8

2.1.0pre7

2.1.0pre6

2.0.15

2.1.0pre5

2.1.0pre4

2.1.0pre3

2.1.0pre2

2.1.0pre1

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.0

1.4.1

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.9.9

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1

Labels

Clear labels   

bugfix

  

cleanup

  

discussion

  

documentation

  

doing

  

done

  

feature

  

improvement

  

packaging

  

Stale

  

testing

  

TODO

No Label

bugfix

cleanup

discussion

documentation

doing

done

feature

improvement

packaging

Stale

testing

TODO

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist#27

No description provided.