[BUG] [albs-deploy]: jwt_generator.py has hardcoded expired timestamp

[ConnorFreebairn]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Following the README Quick Deployment for the albs-deploy repository fails without setting albs_jwt_token manually. The playbook calls library/jwt_generator.py which has a now expired hardcoded expiry.

Line 65 Expired 2026-05-01
EXPIRE_TIME=1777628461

Every token it generates is already expired, causing a 401 failure at the sign-keys check and affecting other dependent services.

fatal: [albs_on_one_vm]: FAILED! => {
    "status": 401,
    "url": "http://localhost:8088/api/v1/sign-keys/",
    "json": {
        "detail": "Unauthorized"
    }
}

It's worth noting that the expired date is also referenced in the README.

Expected Behavior

The playbook generates a valid token and deployment completes successfully without needing to manually set albs_jwt_token.

Steps To Reproduce

1. Clone albs-deploy:
   git clone git@github.com:AlmaLinux/albs-deploy.git && cd albs-deploy

2. Create vars.yml as documented in the README Quick Deployment:
   github_client: <OAuth client id>
github_client_secret: <OAuth token>
frontend_baseurl: http://<hostname>:8080

3. Install ansible plugins:
   ansible-galaxy install -r requirements.yml

4. Run:
   ansible-playbook -i inventories/one_vm -vv -u <user> -e "@vars.yml" playbooks/albs_on_one_vm.yml

5. Deployment fails at "Checking if GPG key exists on web_server" with 401 Unauthorized

Anything else?

Workaround
Manually set the albs_jwt_token in your inventory vars as documented in the README.

Search terms

jwt_generator albs-deploy jwt

[anfimovdm]

Should be fixed in that PR: AlmaLinux/albs-deploy#34
Please check when you have some time

[ConnorFreebairn]

Hi @anfimovdm , confirmed that AlmaLinux/albs-deploy#34 now bootstrap's without error.

Marking this as closed.