[ansible-project] Unable to start nginx.service in sonar virtual box because of .PEM cert is not available.

[Dhanasekar Jaganathan]

SUMMARY

I am new to ANSIBLE. I am building my automation system with Ansible.
With this article as referece "
https://www.redhat.com/en/blog/integrating-ansible-jenkins-cicd-process"; 
and I have downloaded vagrant-alm-master source from this location "
https://github.com/ricardozanini/vagrant-alm";

After entering command "vagrant up", I am getting below issue.

RUNNING HANDLER [/home/user/.ansible/roles/nginxinc.nginx : (Handler: All OSs) 
Start NGINX] ***
fatal: [sonar_box]: FAILED! => {"changed": false, "msg": "Unable to start 
service nginx: Job for nginx.service failed because the control process exited 
with error code. See \"systemctl status nginx.service\" and \"journalctl -xe\" 
for details.\n"}

RUNNING HANDLER [lean_delivery.sonarqube : Restart Sonarqube] ******************

NO MORE HOSTS LEFT *************************************************************

PLAY RECAP *********************************************************************
sonar_box                  : ok=54   changed=32   unreachable=0    failed=1    
skipped=153  rescued=0    ignored=0   

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.


Vagrant build process stopped because of nginx service is not started in 
sonar virtual box.
Vagrant build process able to produce TOWER and JENKINS virtual box without 
error.

I have entered into sonar virtual box by giving this command " vagrant up 
sonar_box". I have observed that nginx service is not started because of "
sonar.local.pem" certificate unavailable at this location "
/etc/ssl/sonar.local/" . I am getting below error for nginx status

[vagrant@sonar ~]$ sudo systemctl status nginx.service 
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor 
preset: disabled)
   Active: failed (Result: exit-code) since Thu 2019-07-11 10:29:55 UTC; 3min 
5s ago
     Docs: http://nginx.org/en/docs/
  Process: 10714 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf 
(code=exited, status=1/FAILURE)

Jul 11 10:29:55 sonar.local systemd[1]: Starting nginx - high performance web 
server...
Jul 11 10:29:55 sonar.local nginx[10714]: nginx: [emerg] cannot load 
certificate "/etc/ssl/sonar.local/sonar.local.pem": BIO_new_file() failed (SSL: 
error:02001002:system library:fopen:No...:no such file)
Jul 11 10:29:55 sonar.local systemd[1]: nginx.service: control process exited, 
code=exited status=1
Jul 11 10:29:55 sonar.local systemd[1]: Failed to start nginx - high 
performance web server.
Jul 11 10:29:55 sonar.local systemd[1]: Unit nginx.service entered failed state.
Jul 11 10:29:55 sonar.local systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full

I have observed "sonar.local" folder is not created under "/etc/ssl" in 
SONAR virtual box.

I have commented SSL certification path in the below roles, but it is not 
fixing the issue,


*1.lean_delivery.sonarqube2.nginxinc.nginx*
ISSUE TYPE
   
   - Build issue

COMPONENT NAME



*1.lean_delivery.sonarqube2.nginxinc.nginx3.geerlingguy.sonar*
ANSIBLE VERSION

root@quanta:/home/user/dhanasekar/Automation/vagrant-alm-master# ansible 
--version
ansible 2.8.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15+ (default, Nov 27 2018, 23:36:35) [GCC 7.3.0]


CONFIGURATION

root@quanta:/home/user/dhanasekar/Automation/vagrant-alm-master# ansible-config 
dump --only-changed
DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = [u'/etc/ansible/hosts']


OS / ENVIRONMENT

OS: Ubuntu 18.04
STEPS TO REPRODUCE
   
   1. Download source from this location "
   https://github.com/ricardozanini/vagrant-alm";
   2. Go to this ".../vagran-alm-master"
   3. Enter "vagrant up" command in terminal

FYR, I have shared my alm.yaml file

# requirements install
- name: Install Roles from Galaxy
  hosts: all
  connection: local
  tasks:
    - name: installing required ansible-galaxy roles
      command: "ansible-galaxy install --ignore-errors -r requirements.yml"

# Let's rock on ALM
- name: Deploy Jenkins CI
  hosts: jenkins_server
  remote_user: "{{ ansible_ssh_user | default('vagrant') }}"
  become: yes

  roles:
    - geerlingguy.repo-epel
#   - geerlingguy.jenkins  #commented by dhanasekar
    - /home/user/.ansible/roles/geerlingguy.jenkins
    - geerlingguy.git
    - tecris.maven
    - geerlingguy.ansible

- name: Deploy Nexus Server
  hosts: nexus_server
  remote_user: "{{ ansible_ssh_user | default('vagrant') }}"
  become: yes

  roles:
#    - geerlingguy.java         #commented by dhanasekar
    - /home/user/.ansible/roles/geerlingguy.java
    - savoirfairelinux.nexus3-oss

- name: Deploy Sonar Server
  hosts: sonar_server
  remote_user: "{{ ansible_ssh_user | default('vagrant') }}"
  become: yes
# added by dhanasekar start
  vars: 
    ssl_certs_common_name: "{{ ansible_fqdn }}"
# added by dhanasekar end
  pre_tasks:
    - name: "install epel"
      package:
        name: 
"https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm";
        state: "present"
      when: ansible_distribution == 'RedHat'
    # delete plugins installed on previous run to prevent conflict in case if 
any plugin is updated
    - name: "delete plugins"
      file:
        path: "{{ sonar_path }}/sonarqube-{{ sonar_major_version }}.{{ 
sonar_minor_version }}/extensions/plugins"
        state: absent      
  roles:
#    - role: geerlingguy.java #commneted by dhanasekar
    - role: /home/user/.ansible/roles/geerlingguy.java
#       added by dhanasekar start
#    - role: /home/user/.ansible/roles/jdauphant.ssl-certs
#      ssl_certs_common_name: "{{ ansible_fqdn }}"
#    - role: /home/user/.ansible/roles/lean_delivery.sonarqube
#       added by dhanasekar end

    - role: ANXS.postgresql
      postgresql_users:
        - name: sonar
          pass: sonar
      postgresql_databases:
        - name: sonar
          owner: sonar
    - role: /home/user/.ansible/roles/nginxinc.nginx
    - role: lean_delivery.sonarqube
      sonar_java_opts:
        web: "-server -Xmx512m -Xms512m"
        es: "-Xmx1g -Xms1g" 
        ce: "-Xmx512m -Xms512m"
      web:
        host: "localhost"
        port: 9000
        path: "/" 
      sonar_proxy_server_name: "{{ ssl_certs_common_name }}"
      sonar_proxy_http: True
      # sonar_optional_plugins:
      #   - 
"https://sonarsource.bintray.com/Distribution/sonar-auth-github-plugin/sonar-auth-github-plugin-1.3.jar";
       #  - 
"https://github.com/QualInsight/qualinsight-plugins-sonarqube-smell/releases/download/qualinsight-plugins-sonarqube-smell-4.0.0/qualinsight-sonarqube-smell-plugin-4.0.0.jar";
       #  - 
"https://github.com/QualInsight/qualinsight-plugins-sonarqube-badges/releases/download/qualinsight-plugins-sonarqube-badges-3.0.1/qualinsight-sonarqube-badges-3.0.1.jar";
       #  - 
"https://github.com/racodond/sonar-json-plugin/releases/download/2.3/sonar-json-plugin-2.3.jar";
       #  - 
"https://github.com/RIGS-IT/sonar-xanitizer/releases/download/1.5.0/sonar-xanitizer-plugin-1.5.0.jar";
       #  - 
"https://github.com/gabrie-allaigre/sonar-gitlab-plugin/releases/download/3.0.1/sonar-gitlab-plugin-3.0.1.jar";
       #  - 
"https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin/releases/download/1.3.2/sonar-auth-gitlab-plugin-1.3.2.jar";
       #  - 
"https://binaries.sonarsource.com/Distribution/sonar-css-plugin/sonar-css-plugin-1.0.2.611.jar";
       #  - 
"https://binaries.sonarsource.com/Distribution/sonar-kotlin-plugin/sonar-kotlin-plugin-1.2.1.2009.jar";
  post_tasks:
    - name: "start sonarqube"
      service: name="sonarqube" state="started"
    - name: "delete default nginx config"
      file:
        path: /etc/nginx/conf.d/default.conf
        state: absent
    - name: "restart, enable nginx"
      service: name="nginx" state="restarted" enabled=True
    # see https://github.com/ANXS/postgresql/issues/363
    - name: "enable postgresql"
      service: name="postgresql-{{ postgresql_version }}" enabled=True
      when: ansible_distribution == 'CentOS'

- name: On Premises CentOS
  hosts: app_server
  remote_user: "{{ ansible_ssh_user | default('vagrant') }}"
  become: yes

  roles:
    - jenkins-keys-config    
    


EXPECTED RESULTS

Build process should pass.
Should created SONAR virtual box completely without error
NGINX service should start in SONAR virtual box
ACTUAL RESULTS

Build process is failing
SONAR virtual box is not creating completely
NGINX service is not starting in SONAR virtual box because of 
sonar.local.pem certificate is not available .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5b4cf8fe-10cc-4fbf-92a1-abd1fd507f57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.