The Caddyfile was bind-mounted as a single file. ansible.builtin.template writes
atomically (temp + rename), so a re-render swaps the file's inode while the running
container keeps the old one — `caddy reload` then re-read the stale config and silently
no-op'd ("config is unchanged"), so new routes were never loaded. Surfaced deploying the
NetBird route: Caddy never requested its cert. Fix: render to ./caddy/Caddyfile and
mount the ./caddy DIRECTORY at /etc/caddy — directory mounts reflect inode swaps, so
graceful `caddy reload` works. Proven on askari: atomic replace in the host dir is
visible inside the running container.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
# Verification playbook for the rendered Caddyfile.
# Reads the file from its host path and asserts that the expected site
# blocks and directives are present in the rendered text.
# NOTE(review): this only inspects the file on the host; it does not confirm
# that the running Caddy container observes the re-rendered file.
- name: Verify
  hosts: all
  gather_facts: false

  tasks:
    - name: Slurp the rendered Caddyfile
      ansible.builtin.slurp:
        src: /opt/services/reverse_proxy/caddy/Caddyfile
      register: _caddyfile

    - name: Assert Caddyfile exists and contains expected content
      vars:
        # Decode the slurped content once; every assertion below checks the same text.
        _caddyfile_text: "{{ _caddyfile.content | b64decode }}"
      ansible.builtin.assert:
        that:
          - _caddyfile_text | length > 0
          - "'app.example.test' in _caddyfile_text"
          - "'reverse_proxy app:80' in _caddyfile_text"
          - "'respond \"ok\" 200' in _caddyfile_text"
          - "'grpc.example.test' in _caddyfile_text"
          - "'reverse_proxy @grpc h2c://backend:80' in _caddyfile_text"
        fail_msg: "Caddyfile is missing expected content"
        success_msg: "Caddyfile rendered correctly"