Michael Schiemer
36ef2a1e2c
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
136 lines
5.1 KiB
YAML
136 lines
5.1 KiB
YAML
---
|
|
# Check Traefik Logs and ACME Challenge Status
|
|
|
|
- name: Check if Traefik stack directory exists
|
|
ansible.builtin.stat:
|
|
path: "{{ traefik_stack_path }}"
|
|
register: traefik_stack_exists
|
|
|
|
- name: Fail if Traefik stack directory does not exist
|
|
ansible.builtin.fail:
|
|
msg: "Traefik stack directory not found at {{ traefik_stack_path }}"
|
|
when: not traefik_stack_exists.stat.exists
|
|
|
|
- name: Get recent Traefik logs
|
|
ansible.builtin.shell: |
|
|
cd {{ traefik_stack_path }}
|
|
docker compose logs {{ traefik_container_name }} --tail={{ traefik_logs_tail | default(100) }} 2>&1
|
|
register: traefik_logs
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Check for ACME challenge errors in container logs
|
|
ansible.builtin.shell: |
|
|
cd {{ traefik_stack_path }}
|
|
docker compose logs {{ traefik_container_name }} 2>&1 | grep -iE "acme.*challenge|Cannot retrieve.*ACME" | tail -{{ traefik_logs_error_tail | default(20) }} || echo "No ACME challenge errors found in recent logs"
|
|
register: acme_errors
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Check for ACME challenge errors in log file
|
|
ansible.builtin.shell: |
|
|
tail -n {{ traefik_logs_tail | default(100) }} {{ traefik_stack_path }}/logs/traefik.log 2>/dev/null | grep -iE "acme.*challenge|Cannot retrieve.*ACME" | tail -{{ traefik_logs_error_tail | default(20) }} || echo "No ACME challenge errors found in log file"
|
|
register: acme_errors_file
|
|
changed_when: false
|
|
failed_when: false
|
|
ignore_errors: yes
|
|
|
|
- name: Get logs from last N minutes
|
|
ansible.builtin.shell: |
|
|
cd {{ traefik_stack_path }}
|
|
docker compose logs {{ traefik_container_name }} --since {{ traefik_logs_since_minutes | default(10) }}m 2>&1 | tail -{{ traefik_logs_recent_tail | default(50) }}
|
|
register: recent_logs
|
|
changed_when: false
|
|
failed_when: false
|
|
when: traefik_logs_since_minutes is defined
|
|
|
|
- name: Count ACME challenge errors in last hour
|
|
ansible.builtin.shell: |
|
|
cd {{ traefik_stack_path }}
|
|
docker compose logs {{ traefik_container_name }} --since 1h 2>&1 | grep -c "Cannot retrieve.*ACME challenge" || echo "0"
|
|
register: acme_error_count
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Display ACME challenge error summary
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
========================================
|
|
Traefik ACME Challenge Status
|
|
========================================
|
|
ACME Errors (last hour): {{ acme_error_count.stdout }}
|
|
========================================
|
|
|
|
{% if acme_error_count.stdout | int > 0 %}
|
|
⚠️ ACME challenge errors still occurring
|
|
{% else %}
|
|
✅ No ACME challenge errors in the last hour!
|
|
{% endif %}
|
|
when: traefik_show_status | default(true) | bool
|
|
|
|
- name: Display ACME challenge errors from container logs
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
========================================
|
|
ACME Challenge Errors (Container Logs):
|
|
========================================
|
|
{{ acme_errors.stdout }}
|
|
========================================
|
|
when: traefik_show_status | default(true) | bool
|
|
|
|
- name: Display ACME challenge errors from log file
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
========================================
|
|
ACME Challenge Errors (Log File):
|
|
========================================
|
|
{{ acme_errors_file.stdout }}
|
|
========================================
|
|
when: traefik_show_status | default(true) | bool
|
|
|
|
- name: Display recent Traefik logs
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
========================================
|
|
Recent Traefik Logs (last {{ traefik_logs_since_minutes | default(10) }} minutes):
|
|
========================================
|
|
{{ recent_logs.stdout | default('No recent logs') }}
|
|
========================================
|
|
when:
|
|
- traefik_logs_since_minutes is defined
|
|
- traefik_show_status | default(true) | bool
|
|
|
|
- name: Display all Traefik logs
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
========================================
|
|
Traefik Container Logs (last {{ traefik_logs_tail | default(100) }} lines):
|
|
========================================
|
|
{{ traefik_logs.stdout | default('No logs available') }}
|
|
========================================
|
|
when:
|
|
- traefik_show_all_logs | default(false) | bool
|
|
- traefik_show_status | default(true) | bool
|
|
|
|
- name: Display final summary
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
========================================
|
|
Summary
|
|
========================================
|
|
{% if acme_error_count.stdout | int == 0 %}
|
|
✅ SUCCESS: No ACME challenge errors in the last hour!
|
|
|
|
The Traefik configuration fix appears to be working. Monitor the logs
|
|
for the next certificate renewal attempt (usually hourly) to confirm.
|
|
{% else %}
|
|
⚠️ WARNING: {{ acme_error_count.stdout }} ACME challenge errors found in the last hour.
|
|
|
|
The errors may be from before the configuration fix was applied.
|
|
Monitor the logs for the next certificate renewal attempt to see if
|
|
the errors have stopped.
|
|
{% endif %}
|
|
========================================
|
|
when: traefik_show_status | default(true) | bool
|
|
|