always shows skipped due to action :nothing

[chenghung]

my recipe:

node.default['certbot-exec']['agree_to_tos'] = true
node.default['certbot-exec']['email'] = 'mymail@gmail.com'

certbot_exec 'mysite.ddns.net' do
  domains 'mysite.ddns.net'
  action :run
end

output of chef-client:

  * certbot_repo[repo] action create
    * apt_repository[certbot] action add
      * execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
      * apt_update[certbot] action nothing (skipped due to action :nothing)
      * execute[install-key 7BF576066ADA65728FC7E70A8C47BE8E75BCA694] action run (skipped due to not_if)
      * file[/etc/apt/sources.list.d/certbot.list] action create (up to date)
       (up to date)
     (up to date)
  * certbot_pkg[certbot] action install
    * apt_package[install-certbot] action install (up to date)
     (up to date)
  * certbot_pkg[certbot] action install
    * apt_package[install-certbot] action install (up to date)
     (up to date)
  * certbot_cmd[execute-certbot] action exec (up to date)
  * certbot_cmd[execute-certbot] action exec (up to date)

...

Recipe: wiki::setup_https
  * certbot_exec[mysite.ddns.net] action nothing (skipped due to action :nothing)
  * service[nginx] action reload
    - reload service service[nginx]

is it a bug ?

[qubitrenegade]

Hi @chenghung thanks for your issue! Sorry that you're having problems. Couple questions for you:

• Is this a new or an existing deployment? Meaning, have you previously installed/run certbot via some other method (manually, another cookbook, etc.)? The reason I'm asking is the ohai plugin (which I'm now realizing is not documented) checks for existing certs in /etc/letsencrypt/live, and if there is one it assumes the one furthest from expiration is the "valid" cert. The certbot_exec resource won't execute if it thinks there's a "valid" SSL cert without the force true property. E.g.:

certbot_exec 'mysite.ddns.net' do
  domains 'mysite.ddns.net'
  force true
  action :run
end

For debugging purposes, have you tried force true?

• Are you receiving any errors? Without the extra_args property, I would actually expect this to fail...

• Can you give me a full log output of your chef-client run please? I think a --log-level info (or --log_level info on newer clients) should be sufficient. The short version is the way I'm modifying the run_context, causes some "erroneous" log messages so the skipped due to action :nothing can be a bit of a red herring.

Thanks again for opening the issue, hopefully we can get ya up an running!

---

(Totally as an aside, the "name" property of the resource is also the domains property, so these are equivalent:

certbot_exec 'mysite.ddns.net'

and

certbot_exec 'mysite.ddns.net' do
  domains 'mysite.ddns.net'
  action :run
end

My thinking was, you might want to do:

certbot_exec 'create mysite' do
  domains 'mysite.ddns.net'
  action :run
end

It's interesting to see how other people are using the resource.)

[qubitrenegade]

@chenghung any updates? I'd love to help you figure out any issues...

My answer to the general: "it always shows skipped due to action :nothing" is, yea, it'll do that."... for every instance of certbot_exec, we execute certbot_exec :nothing... during the "compile" phase. then it's executed first thing during the execute phase.

Basically, I've always hoped someone would find my code useful... so help me help you? lol

I want to make this work for you, so any more info you can give me will help me help you.