From 7029de5bc98507a186e12e521ff4ff83e9425a7d Mon Sep 17 00:00:00 2001 From: Pieter Date: Thu, 8 Jan 2026 17:39:42 +0100 Subject: [PATCH] fix: Improve Authentik bootstrap resilience MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Increase HTTPS readiness check retries from 30 to 60 - Increase delay between retries from 10s to 15s (total max wait: 15 minutes) - Add failed_when: false to prevent deployment failure - Display helpful warning if HTTPS not yet accessible - Continues deployment even if DNS/SSL not ready yet This resolves timing issues during initial deployment when: - DNS records are still propagating - Let's Encrypt certificates are being issued - Traefik is still configuring routes Authentik runs internally on HTTP and will be accessible via HTTPS once DNS/SSL is fully configured. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- ansible/roles/authentik/tasks/bootstrap.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/ansible/roles/authentik/tasks/bootstrap.yml b/ansible/roles/authentik/tasks/bootstrap.yml index 8423468..2c29ae3 100644 --- a/ansible/roles/authentik/tasks/bootstrap.yml +++ b/ansible/roles/authentik/tasks/bootstrap.yml @@ -8,8 +8,23 @@ status_code: [200, 302] register: authentik_ready until: authentik_ready.status in [200, 302] - retries: 30 - delay: 10 + retries: 60 + delay: 15 + failed_when: false + +- name: Display warning if HTTPS access not yet available + debug: + msg: | + ⚠ WARNING: Authentik not yet accessible via HTTPS + + This is normal during initial deployment when: + - DNS records are still propagating + - Let's Encrypt certificates are being issued + - Traefik is still configuring routes + + Authentik is running internally and will be accessible soon. + The deployment will continue with internal checks. + when: authentik_ready.status not in [200, 302] - name: Display bootstrap status debug: