Hi Edoardo, for route53, you can simply set `wait: yes` (see https://docs.ansible.com/ansible/latest/modules/route53_module.html#parameter-wait) and the module will only return once all DNS servers have been updated. Also takes some time (feels like forever ;) ), but a lot less than 20 minutes.
For general waits, there's also the pause module (https://docs.ansible.com/ansible/latest/modules/pause_module.html). For example:

    - name: Wait for DNS entries to propagate
      pause:
        seconds: 10

For 20 minutes your solution is better though, since you can see that something is still happening once per minute ;)

Cheers,
Felix

> I created this snippet to wait for DNS resolution before proceeding
> with the ACME verification.
>
> - name: '{{ certificate.common_name }} | "Wax on, wax off"'
>   debug:
>     msg: "{{ dns_txt_record }} <=> {{ item.1 | first }}"
>   when: acme_challenge is changed
>   loop: "{{ acme_challenge.challenge_data_dns | dictsort }}"
>   until: dns_txt_record == item.1[0]
>   # If the until parameter isn’t defined, the value for the retries parameter is forced to 1.
>   # https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html?highlight=delay#id9
>   retries: 20
>   delay: 60
>   vars:
>     dns_txt_record: "{{ lookup('dig', item.0, 'qtype=TXT') }}"
>
> This is tailored for AWS Route53 but should be easy to adapt. It performs a
> DNS TXT request once every minute checking for the ACME challenge
> text until it's found or reaches 20 minutes.
>
> 20 minutes is a very long time but please note that this is run
> locally (on operator machine or server) and as such I preferred to
> keep a longer buffer (as DNS propagation may take time). As until is
> used it stops waiting once the entry is found, the wait time depends
> on how fast the DNS entry is found so there is no penalty if it's
> found sooner.
>
> As the check is then performed from the ACME provider servers, this
> does not ensure 100% that when the record is available to you it is
> also available to them, but in almost all cases this will be true as
> propagation to their system will be faster than or equal to propagation
> to your system. This check has proven very effective for the last 2
> years, but YMMV :)
>
> You can obviously tweak retries and delay to suit your network
> conditions.
>
> Hope it helps!
>
> Best,
> Edoardo
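
The `wait: yes` approach from the reply, written out as a task for the DNS-01 challenge records. This is an added example, not code from either poster. The zone name `example.com` and the 300-second `wait_timeout` are placeholder assumptions; `acme_challenge` is the registered challenge result used in the quoted snippet.

```yaml
# Added example: publish the ACME DNS-01 TXT records and block until
# Route53 reports the change as propagated to its name servers.
- name: Create ACME challenge TXT records and wait for Route53 to sync
  route53:
    state: present
    zone: example.com          # assumption: replace with your hosted zone
    record: "{{ item.0 }}"     # challenge record name, e.g. _acme-challenge.<domain>
    type: TXT
    ttl: 60
    overwrite: yes             # replace a stale challenge value from an earlier run
    # item.1 is a list of TXT values; Route53 requires each one to be
    # enclosed in double quotes.
    value: "{{ item.1 | map('regex_replace', '^(.*)$', '\"\\1\"') | list }}"
    wait: yes                  # return only after the change has propagated
    wait_timeout: 300          # assumption: seconds to wait before failing the task
  loop: "{{ acme_challenge.challenge_data_dns | dictsort }}"
  when: acme_challenge is changed
```

`wait: yes` only covers Route53's own servers, so the `dig` polling loop from the quoted snippet is still useful as a second check when records are served through another resolver path or provider.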
