let's encrypt recert #41
Comments
That's awesome! I'm glad it's been helpful.
The command that I run to generate the LetsEncrypt certificates is:

```
docker run --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt:z" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt:z" \
  -e AWS_ACCESS_KEY_ID={{ lookup('env', 'AWS_ACCESS_KEY_ID') }} \
  -e AWS_SECRET_ACCESS_KEY={{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }} \
  certbot/dns-route53 certonly \
  --non-interactive \
  --agree-tos \
  --email "{{ cert_email_address }}" \
  --dns-route53 \
  --dns-route53-propagation-seconds 45 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --domain "{{ openshift_public_hostname }}" \
  --domain "*.apps.{{ openshift_public_hostname }}"
```

You should be able to run that command from the From there, you can use the OpenShift documentation on how to apply those updated certificates to the cluster: https://docs.openshift.com/container-platform/3.11/install_config/redeploying_certificates.html
The inventory file is on the
I haven't specifically tested every single z-stream of v3.11, but it should work with all of them.
OpenShift 4.x is deployed in a very different way. Unfortunately, very little of the code in this repository is re-usable for OpenShift 4.x. I have it on my to do list to work on some automation for deploying OpenShift 4.x bare metal (the generic version of the install) that I may incorporate into this tool eventually, but I don't have a timeline for it. I would recommend checking out the automated provisioning built into OpenShift 4.x for most uses as it should give you a similar experience to how this tool works.

Hi Jared,

This error occurs only in west-2. east-1,2 and west-1 are fine.

```
TASK [provision_aws : Create DNS entry for bastion] ****************************
MSG:
The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'openshift_role_master'
The error appears to have been in '/app/playbooks/roles/provision_aws/tasks/route53.yml': line 16, column 3, but may
The offending line appears to be:
```
This is an unfortunate artifact of the I have the defaults set to the following due to this tool originally being built for use in an AWS account where only those regions were allowed.
One way to fix it would be to have the startup of the container that runs the playbooks automatically edit the file with the specified region so that it's always correct. I can try to take a stab at it at some point in the future, but it's likely to be a while as I'm focused on getting a tool to help deploy OpenShift 4.

This script set has been very useful for me. Thanks! I have a few questions.