When we restart HAproxy, we kill all the connections and it causes all of the services to be dropped out. This is really not ideal and causes things to be lost in the control plane. This patch instead does a reload which will safely keep the existing clients connected till they evacuate and then use SO_REUSEPORT for the new process.

Change-Id: I502457f691ad66dfd68ace21ac1575cea23b538a
12 lines
330 B
Django/Jinja
#!/bin/bash

# renew cert if required and copy to haproxy destination

{{ haproxy_ssl_letsencrypt_venv }}/bin/certbot renew \
--standalone \
--pre-hook "systemctl stop haproxy" \

cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
> /etc/ssl/private/haproxy.pem

systemctl reload haproxy
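
Review bot: The `--pre-hook "systemctl stop haproxy"` on the certbot call conflicts with the final `systemctl reload haproxy`. Certbot runs the pre-hook whenever a certificate is actually due for renewal, so on exactly those runs HAProxy is stopped, every connection is dropped (the outcome the commit message sets out to avoid), and the reload is then issued against an inactive unit, which systemd refuses, leaving the load balancer down until something else starts it. Either pair the pre-hook with a `--post-hook "systemctl start haproxy"` and keep the reload for the no-renewal path, or use `systemctl reload-or-restart haproxy` as the last step; removing the need to stop HAProxy during renewal at all would be the change that fully matches the commit message. Separately, the trailing backslash after the `--pre-hook` line continues onto an empty line; it should be dropped so a later edit cannot accidentally fold the `cat` command into the certbot arguments. The script also has no `set -e`, so if `certbot renew` fails the `cat` and reload still run; consider failing early and logging the error.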