Thank you all! I found a typo in a variable. It's working as expected now. :-)
On Wed, Apr 8, 2020 at 3:00 PM 'Felix Fontein' via Ansible Project <[email protected]> wrote:

> Hi Edoardo,
>
> for route53, you can simply set `wait: yes` (see
> https://docs.ansible.com/ansible/latest/modules/route53_module.html#parameter-wait)
> and the module will only return once all DNS servers have been updated.
> Also takes some time (feels like forever ;) ), but a lot less than 20
> minutes.
>
> For general waits, there's also the pause module
> (https://docs.ansible.com/ansible/latest/modules/pause_module.html).
> For example:
>
>     - name: Wait for DNS entries to propagate
>       pause:
>         seconds: 10
>
> For 20 minutes your solution is better though, since you can see that
> something is still happening once per minute ;)
>
> Cheers,
> Felix
>
> > I created this snippet to wait for DNS resolution before proceeding
> > with the ACME verification.
> >
> >     - name: '{{ certificate.common_name }} | "Wax on, wax off"'
> >       debug:
> >         msg: "{{ dns_txt_record }} <=> {{ item.1 | first }}"
> >       when: acme_challenge is changed
> >       loop: "{{ acme_challenge.challenge_data_dns | dictsort }}"
> >       until: dns_txt_record == item.1[0]
> >       # If the until parameter isn’t defined, the value for the retries parameter is forced to 1.
> >       # https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html?highlight=delay#id9
> >       retries: 20
> >       delay: 60
> >       vars:
> >         dns_txt_record: "{{ lookup('dig', item.0, 'qtype=TXT') }}"
> >
> > This is tailored for AWS Route53 but should be easy to adapt. It performs a
> > DNS TXT request once every minute checking for the ACME challenge
> > text until it's found or reaches 20 minutes.
> >
> > 20 minutes is a very long time but please note that this is run
> > locally (on operator machine or server) and as such I preferred to
> > keep a longer buffer (as DNS propagation may take time). As until is
> > used, it stops waiting once the entry is found; the wait time depends
> > on how fast the DNS entry is found, so there is no penalty if it's
> > found sooner.
> >
> > As the check is then performed from the ACME provider servers, this
> > does not ensure 100% that when the record is available to you it is
> > also available to them, but in almost all cases this will be true as
> > propagation to their system will be faster than or equal to propagation
> > to your system. This check has proven very effective for the last 2
> > years, but YMMV :)
> >
> > You can obviously tweak retries and delay to suit your network
> > conditions.
> >
> > Hope it helps!
> >
> > Best,
> > Edoardo
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/20200408145956.67c6d0f3%40utsjoki.
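
An added example, not part of the thread or of the Ansible project's own code: a variant of the wait task quoted above that generalizes it to record names carrying more than one challenge value (for instance a certificate covering both a domain and its wildcard), where an equality test against the first value alone may not match. It reuses the thread's `acme_challenge` and `certificate` variables and assumes the `dig` lookup returns one list element per TXT record with the outer quotes stripped.

```yaml
# Added example: waits until every expected ACME challenge value for a record
# name is visible in DNS, not just the first one.
- name: '{{ certificate.common_name }} | wait for all ACME TXT values'
  debug:
    msg: "{{ item.key }}: expected {{ item.value }}, found {{ found_txt }}"
  when: acme_challenge is changed
  # challenge_data_dns maps each record name to a list of TXT values;
  # default({}) keeps the loop valid when no challenge data was returned.
  loop: "{{ acme_challenge.challenge_data_dns | default({}) | dict2items }}"
  # Succeed only when no expected value is missing from the DNS answer.
  # Extra TXT values already present on the name are ignored.
  until: item.value | difference(found_txt) | length == 0
  retries: 20
  delay: 60
  vars:
    # query() always returns a list, so multiple TXT records stay separate
    # instead of being joined into one comma-separated string.
    # Assumption: each element is one TXT value without surrounding quotes.
    found_txt: "{{ query('dig', item.key, 'qtype=TXT') }}"
```

As in the original task, this checks visibility from the machine running the play, so it carries the same caveat about what the ACME provider's resolvers see.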
