Ensure that the HAProxy certificate is updated
While doing research for this bugzilla[1] I found that since the
actual certificate PEM file is being bind mounted, the mount is acting
as a hard link to the inode of the PEM rather than just a pointer to
its location in the directory. When the new file is copied over, the
inode is updated but the container still maintains a link to the stale
inode. This patch copies the contents of the certificate into the
container so that the HUP of HAProxy will reload the certificate.
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1765839
Change-Id: Idf106c9ffa23ed00c497e1e5014e1b5718254320
Closes-Bug: 1871663
(cherry picked from commit 93c6bffb3b)
parent cae687c599
commit 3b5b944048
|
@ -36,6 +36,9 @@ cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"
|
|||
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy)
|
||||
|
||||
if [ "$ACTION" == "reload" ]; then
|
||||
# Refresh the cert at the mount-point
|
||||
$container_cli cp $service_pem "$haproxy_container_name:/var/lib/kolla/config_files/src-tls/$service_pem"
|
||||
|
||||
# Copy the new cert from the mount-point to the real path
|
||||
$container_cli exec "$haproxy_container_name" cp "/var/lib/kolla/config_files/src-tls$service_pem" "$service_pem"
|
||||
|
||||
|
|
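Review bot: The two added cp lines build the in-container path differently: the first writes to `src-tls/$service_pem` (with a slash) and the exec line reads from `src-tls$service_pem` (no slash), so they only name the same file when $service_pem is an absolute path. Use one form in both lines and note the absolute-path assumption in the comment above them. $service_pem is also unquoted as the source argument of the first cp, unlike its other uses in this hunk, so quote it. Separately, haproxy_container_name comes from an unanchored `grep haproxy` with no check on the result; zero or several matching names would make both commands fail or act on the wrong name, so verify exactly one name was returned and check the exit status of the first cp before running the exec.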