If vault is not unsealed, the task used to fail with `role not found or permission denied` which is confusing for users. This commit adds a check to ensure vault is unsealed before attempting to generate the certificate.
Code Review
This pull request introduces fixes related to Pulp TLS configuration. It correctly updates a kayobe command in the documentation from reconfigure to deploy. More importantly, it enhances the Ansible playbook for Pulp certificate generation by adding a check to ensure OpenBao is unsealed before proceeding. This is a great improvement for robustness and user experience, as it provides a clear failure message if OpenBao is sealed. I've added one suggestion to make this new check even more robust.
| ansible.builtin.uri: | ||
| url: "{{ openbao_api_addr }}/v1/sys/seal-status" | ||
| return_content: true |
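Review bot: `return_content: true` on this `ansible.builtin.uri` task is not needed to read the seal state. The module loads a response with a JSON content type into the result's `json` key regardless of that option, so the follow-up check can test the boolean `json.sealed` field of the registered result and this line can be dropped. If the body is kept for debugging, the sealed check should still read the parsed `json.sealed` value rather than match on the raw `content` string.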
To make this task more robust, it's good practice to explicitly check for a successful HTTP status code. This ensures that the playbook fails with a clear error if the OpenBao API is available but returns an unexpected status (e.g., a server error), rather than failing at the next task with a less obvious message.
```yaml
ansible.builtin.uri:
  url: "{{ openbao_api_addr }}/v1/sys/seal-status"
  return_content: true
  status_code: 200
```
No description provided.