Execution
Date
30 Dec 2024 13:15:19 +0000
Duration
00:01:05.27
Controller
ssh-gw-4.layershift.com
User
root
Versions
Ansible
2.16.11
ara
1.7.2 / 1.7.2
Python
3.10.10
Summary
5
Hosts
3
Tasks
14
Results
1
Plays
1
Files
0
Records
Task result details
-
StatusOK
-
Duration00:00:38.01
-
PlayPlaybook to install zimbra wildcard certificate on cluster
-
TaskInstall certificate on host
-
Hostmbox1-stage
-
Date30 Dec 2024 13:16:03 +0000
-
Module / Actionansible.builtin.shell (/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml:30)
| Field | Value |
|---|---|
| changed |
False |
| cmd |
set -o pipefail chown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt su -l zimbra -c "cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key" su -l zimbra -c "zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt" su -l zimbra -c "zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt" su -l zimbra -c "zmlocalconfig -e ldap_starttls_required=true" su -l zimbra -c "zmlocalconfig -e ldap_starttls_supported=1" su -l zimbra -c "zmcontrol restart" su -l zimbra -c "zmcertmgr viewdeployedcrt" |
| delta |
0:00:37.614897 |
| end |
2024-12-30 13:16:03.176533 |
| invocation |
{ "module_args": { "_raw_params": "set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n", "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": "/bin/bash", "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } } |
| msg |
|
| rc |
0 |
| start |
2024-12-30 13:15:25.561636 |
| stderr |
cp: cannot create regular file '/opt/zimbra/ssl/zimbra/commercial/commercial.key': No such file or directory Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master. |
| stderr_lines |
[ "cp: cannot create regular file '/opt/zimbra/ssl/zimbra/commercial/commercial.key': No such file or directory", "Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master." ] |
| stdout |
** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key' Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match. ** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt' Valid certificate chain: /tmp/ssl_stage_le.crt: OK ** Creating directory '/opt/zimbra/ssl/zimbra' ** Creating directory '/opt/zimbra/ssl/zimbra/ca' ** Creating directory '/opt/zimbra/ssl/zimbra/commercial' ** Creating directory '/opt/zimbra/ssl/zimbra/server' ** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts' ** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt' ERROR: Can't read file '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Host mbox1.zimbra.stage.town Stopping vmware-ha...Done. Stopping zmconfigd...Done. Stopping zimlet webapp...Done. Stopping zimbraAdmin webapp...Done. Stopping zimbra webapp...Done. Stopping service webapp...Done. Stopping stats...Done. Stopping onlyoffice...Done. Stopping spell...Done. Stopping snmp...Done. Stopping cbpolicyd...Done. Stopping archiving...Done. Stopping opendkim...Done. Stopping amavis...Done. Stopping antivirus...Done. Stopping antispam...Done. Stopping proxy...Done. Stopping memcached...Done. Stopping mailbox...Done. Stopping convertd...Done. Stopping logger...Done. Stopping dnscache...Done. Host mbox1.zimbra.stage.town - imapd: /opt/zimbra/conf/imapd.crt notBefore=Dec 23 12:31:18 2024 GMT notAfter=Mar 23 12:31:17 2025 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R10 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - ldap: /opt/zimbra/conf/slapd.crt notBefore=Dec 23 12:31:18 2024 GMT notAfter=Mar 23 12:31:17 2025 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R10 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem notBefore=Dec 23 12:31:18 2024 GMT notAfter=Mar 23 12:31:17 2025 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R10 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - mta: /opt/zimbra/conf/smtpd.crt notBefore=Dec 23 12:31:18 2024 GMT notAfter=Mar 23 12:31:17 2025 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R10 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - proxy: /opt/zimbra/conf/nginx.crt notBefore=Dec 23 12:31:18 2024 GMT notAfter=Mar 23 12:31:17 2025 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R10 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town |
| stdout_lines |
[ "** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'", "Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match.", "** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'", "Valid certificate chain: /tmp/ssl_stage_le.crt: OK", "** Creating directory '/opt/zimbra/ssl/zimbra'", "** Creating directory '/opt/zimbra/ssl/zimbra/ca'", "** Creating directory '/opt/zimbra/ssl/zimbra/commercial'", "** Creating directory '/opt/zimbra/ssl/zimbra/server'", "** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'", "** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'", "ERROR: Can't read file '/opt/zimbra/ssl/zimbra/commercial/commercial.key'", "Host mbox1.zimbra.stage.town", "\tStopping vmware-ha...Done.", "\tStopping zmconfigd...Done.", "\tStopping zimlet webapp...Done.", "\tStopping zimbraAdmin webapp...Done.", "\tStopping zimbra webapp...Done.", "\tStopping service webapp...Done.", "\tStopping stats...Done.", "\tStopping onlyoffice...Done.", "\tStopping spell...Done.", "\tStopping snmp...Done.", "\tStopping cbpolicyd...Done.", "\tStopping archiving...Done.", "\tStopping opendkim...Done.", "\tStopping amavis...Done.", "\tStopping antivirus...Done.", "\tStopping antispam...Done.", "\tStopping proxy...Done.", "\tStopping memcached...Done.", "\tStopping mailbox...Done.", "\tStopping convertd...Done.", "\tStopping logger...Done.", "\tStopping dnscache...Done.", "Host mbox1.zimbra.stage.town", "- imapd: /opt/zimbra/conf/imapd.crt", "notBefore=Dec 23 12:31:18 2024 GMT", "notAfter=Mar 23 12:31:17 2025 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R10", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- ldap: /opt/zimbra/conf/slapd.crt", "notBefore=Dec 23 12:31:18 2024 GMT", "notAfter=Mar 23 12:31:17 2025 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R10", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem", "notBefore=Dec 23 12:31:18 2024 GMT", "notAfter=Mar 23 12:31:17 2025 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R10", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- mta: /opt/zimbra/conf/smtpd.crt", "notBefore=Dec 23 12:31:18 2024 GMT", "notAfter=Mar 23 12:31:17 2025 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R10", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- proxy: /opt/zimbra/conf/nginx.crt", "notBefore=Dec 23 12:31:18 2024 GMT", "notAfter=Mar 23 12:31:17 2025 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R10", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town" ] |