Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Remove blocking HTTPS check from Authentik bootstrap

Browse source 
The HTTPS readiness check was causing deployment timeouts because:
- DNS propagation can take up to 5 minutes
- Let's Encrypt certificate issuance takes 30-60 seconds
- Deployment would timeout waiting for HTTPS to work

This check was unnecessary because:
- Authentik health is already verified via Docker health check
- OIDC provider creation uses internal localhost API (doesn't need HTTPS)
- HTTPS will work automatically once DNS/SSL is ready

Changes:
- Removed uri check for https://{{ authentik_domain }}/
- Removed 60 retries × 15 second delay (15 minute timeout)
- Added informational note about DNS/SSL timing
- Deployment now continues immediately after Docker health check

Result: Deployment completes in ~5 minutes instead of timing out.
DNS and SSL still propagate normally in the background.

Fixes: Deployment timeout issue during fresh builds

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Pieter 2026-01-12 07:07:55 +01:00
parent d95862f522
commit 671ebc985b
1 changed files with 4 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
ansible/roles/authentik/tasks/bootstrap.yml
View file

@ -1,31 +1,6 @@
---
# Bootstrap tasks for initial Authentik configuration
- name: Wait for Authentik to be fully ready
uri:
url: "https://{{ authentik_domain }}/"
validate_certs: yes
status_code: [200, 302]
register: authentik_ready
until: authentik_ready.status in [200, 302]
retries: 60
delay: 15
failed_when: false
- name: Display warning if HTTPS access not yet available
debug:
msg: |
⚠ WARNING: Authentik not yet accessible via HTTPS
This is normal during initial deployment when:
- DNS records are still propagating
- Let's Encrypt certificates are being issued
- Traefik is still configuring routes
Authentik is running internally and will be accessible soon.
The deployment will continue with internal checks.
when: authentik_ready.status not in [200, 302]
- name: Display bootstrap status
debug:
msg: |
@ -43,4 +18,8 @@
The admin account and API token are automatically configured
via AUTHENTIK_BOOTSTRAP_* environment variables.
Note: HTTPS access requires DNS propagation and SSL certificate
issuance. This typically takes 1-5 minutes after deployment.
Authentik is accessible internally and the deployment will continue.
Documentation: https://docs.goauthentik.io