From f238c25c9969d11c3b93dcf480237e2484f40016 Mon Sep 17 00:00:00 2001
From: "Dave Wilde (d34dh0r53)"
Date: Tue, 28 Apr 2020 15:25:27 -0500
Subject: [PATCH] Update container certificate

Due to the bind-mounting of the actual PEM file rather than the directory we cannot simply copy the new file to the location on the host, we need to copy the updated PEM into the container. This patch also removes outdated and no longer working container detection code that was preventing any of the tasks from ever running.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1765839
Change-Id: Ie275001aabe16241d2036d39fce294f86f88e7c8
Closes-Bug: 1875746
(cherry picked from commit e38287c9de9b7e8d0ddeb9bf588dd610103c65f9)
---
 .../haproxy/haproxy-public-tls-inject.yaml | 41 ++-----------------
 1 file changed, 4 insertions(+), 37 deletions(-)

diff --git a/deployment/haproxy/haproxy-public-tls-inject.yaml b/deployment/haproxy/haproxy-public-tls-inject.yaml
index 8d4c540d41..c658aaddc3 100644
--- a/deployment/haproxy/haproxy-public-tls-inject.yaml
+++ b/deployment/haproxy/haproxy-public-tls-inject.yaml
@@ -173,42 +173,9 @@ outputs:
 - container_id.stdout is defined
 - container_id.stdout != ''
 block:
- - name: set kolla_dir fact
- set_fact: kolla_dir="/var/lib/kolla/config_files/src-tls"
-
- - name: assert {{ kolla_dir }}{{ cert_path }} exists
- stat:
- path: "{{ kolla_dir }}{{cert_path}}"
- register: kolla_cert_exists
-
+ - name: copy certificate from host to container
+ shell: "{{ container_cli }} cp {{ cert_path }} {{ container_id.stdout }}:{{ cert_path }}"
 - name: set certificate group on host via container
- shell: |
- if {{ container_cli }} ps | grep {{container_id.stdout}}; then
- {{ container_cli }} exec {{container_id.stdout}} chgrp haproxy {{kolla_dir}}{{cert_path}}
- # handle situation when container_cli is podman but
- # the containers are still under docker
- elif docker ps | grep {{container_id.stdout}}; then
- docker exec {{container_id.stdout}} chgrp haproxy {{kolla_dir}}{{cert_path}}
- else
- echo "Error: {{container_id.stdout}} container not found"
- exit 1
- fi
- when: kolla_cert_exists.stat.exists
-
- - name: copy certificate from kolla directory to final location
- shell: |
- if {{ container_cli }} ps | grep {{container_id.stdout}}; then
- {{ container_cli }} exec {{container_id.stdout}} cp {{kolla_dir}}{{cert_path}} {{cert_path}}
- # handle situation when container_cli is podman but
- # the containers are still under docker
- elif docker ps | grep {{container_id.stdout}}; then
- docker exec {{container_id.stdout}} cp {{kolla_dir}}{{cert_path}} {{cert_path}}
- else
- echo "Error: {{container_id.stdout}} container not found"
- exit 1
- fi
- when: kolla_cert_exists.stat.exists
-
+ command: "{{ container_cli }} exec --user root {{container_id.stdout}} chgrp haproxy {{ cert_path }}"
 - name: send restart order to haproxy container
- command: "{{ container_cli }} kill --signal=HUP {{container_id.stdout}}"
- when: kolla_cert_exists.stat.exists
+ command: "{{ container_cli }} kill --signal=HUP {{ container_id.stdout }}"
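Review bot: The added `copy certificate from host to container` task goes through `shell` although it is a single command with no pipes or redirects, so the rendered `cert_path` and `container_id.stdout` are interpreted unquoted by a shell; the two tasks after it already use `command`. Writing it as `command: "{{ container_cli }} cp {{ cert_path }} {{ container_id.stdout }}:{{ cert_path }}"` removes that word-splitting and metacharacter surface without changing the behaviour. Separately, the follow-up task only runs `chgrp haproxy`, so the copied PEM keeps whatever owner and mode `cp` gave it; if the file bundles the private key, an explicit `chmod` in the same `exec --user root` step would make its permissions deterministic rather than inherited. The task name `set certificate group on host via container` also no longer describes the step, which now acts on the copy inside the container. The enclosing `block:` and its `when:` conditions begin above this hunk, so how `container_id` is obtained and validated is not visible here.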