From 2c42e57510a334e717536fb82317b4f0213509fa Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Fri, 5 Apr 2024 10:34:26 -0700
Subject: [PATCH] Add more LE debugging info to our Ansible role

Adding the information about which host we were checking for certcheck
did help in debugging. It pointed out that a specific host was at fault
(nb02 in this case though it could change over time) and further
investigation of this host showed acme.sh was not running there at all
due to earlier failures. Rather than the playbook ending at that point
it continued to run until building the certcheck list and then had a
fatal error leading to the confusion.

Add a breadcrumb comment to the Ansible role to help point this behavior
out in the future.

Change-Id: Ib607665d75eb666d19c8508346eb217783b98eb5
---
 .../tasks/build_le_domain_list.yaml                          | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml b/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml
index 4abdd02a87..0fa3092850 100644
--- a/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml
+++ b/playbooks/roles/letsencrypt-config-certcheck/tasks/build_le_domain_list.yaml
@@ -3,6 +3,11 @@
 # record the value of our loopvar when failing an iteration (it does when
 # the loop iteration succeeds) so we don't know where it is breaking. Add
 # our own debugging here to work around this problem.
+#
+# The error described above may occur if LE fails on the host we are
+# checking domains for. Ansible will stop on that host which doesn't build
+# the necessary datastructures. Then when we try to set up certcheck we
+# fail again in a more eye catching manner.
 - name: Record host being looked up for le certcheck domains
   debug:
     msg: "Checking domains for {{ inv_hostname }}"
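Review bot: the added comment above the "Record host being looked up for le certcheck domains" task explains the cause but not what to do with the debug output; add a line saying that the last host printed by "Checking domains for ..." is the one whose earlier LE run should be inspected. Since the comment attributes the failure to data structures that were never built on that host, an explicit check before the lookup that fails with a message naming inv_hostname would make the error self-explanatory instead of depending on a reader finding this comment. Minor wording: "datastructures" should be "data structures", and "eye catching" should be hyphenated.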