Task Wait for DNS entries to propagate not stable

Question

Task Wait for DNS entries to propagate not stable

mr-ssd opened this issue a year ago · comments

The task named "Wait for DNS entries to propagate" in role acme_certificate is not stable when using with Route53.

I suggest we should change wait: false to wait: true to wait until the changes have been replicated to all Amazon Route 53 DNS servers before we check for the TXT record.

Felix Fontein · Answer 1 · Mon Jun 19 2023 02:15:44 GMT+0800 (China Standard Time)

Using wait: true is not a good solution either, since that makes the role incredibly slow when using Route53.

Sida Say · Answer 2 · Mon Jun 19 2023 10:11:31 GMT+0800 (China Standard Time)

Can we change it as an option in a variable?

Felix Fontein · Answer 3 · Wed Aug 02 2023 17:47:55 GMT+0800 (China Standard Time)

I would prefer not to add a config for that. I started some work in the aws collections to make it possible to solve this in a cleaner way: ansible-collections/amazon.aws#1683 ansible-collections/community.aws#1904

Sida Say · Answer 4 · Wed Aug 02 2023 18:20:00 GMT+0800 (China Standard Time)

@felixfontein thank you for the update. Should this case be closed?

Felix Fontein · Answer 5 · Wed Aug 02 2023 18:32:06 GMT+0800 (China Standard Time)

I would keep this issue open, as the problem hasn't been resolved yet.

Felix Fontein · Answer 6 · Fri Aug 11 2023 19:31:29 GMT+0800 (China Standard Time)

ansible-collections/community.aws#1904 together with #62 fixes this, and is pretty efficient as well. I tested it this morning with a larger set of certificates (many of them with Route 53 DNS validation), and it worked as expected.