Adjust HAProxy script to allow for ID change
It is possible that the UID of the container changes between our first parse and the script we execute to copy the TLS Cert. We can re-check the container ID in the script to be safe. Also, we need to fail appropriately if we can't find the container, or can't restart it. Related rhbz#1973674 Closes-Bug: #1940729 Change-Id: I1b8c8e83d7b4a14a8643d63a61519f6bbac5b3d6 Change-Id: Ifafb2e71da1a921eeba8d8c6197cfb74d1ee045e
This commit is contained in:
Brendan Shephard
parent
2a8601f3ed
commit
a22ef3a0bc
|
|
@ -175,15 +175,16 @@ outputs:
|
|||
- name: copy certificate, chgrp, restart haproxy
|
||||
shell: |
|
||||
set -e
|
||||
if {{ container_cli }} ps -f "id={{ item }}" --format "{{ '{{' }}.Names{{ '}}' }}" | grep -q "^haproxy-bundle"; then
|
||||
tar -c {{ cert_path }} | {{container_cli}} exec -i {{ item }} tar -C / -xv
|
||||
container_id=$({{ container_cli }} ps --filter name=haproxy-bundle -q)
|
||||
if [[ "x$container_id" ! = "x" ]]; then
|
||||
tar -c {{ cert_path }} | {{ container_cli }} exec -i $container_id tar -C / -xv
|
||||
else
|
||||
{{ container_cli }} cp {{ cert_path }} {{ item }}:{{ cert_path }}
|
||||
fi
|
||||
{{ container_cli }} exec --user root {{ item }} chgrp haproxy {{ cert_path }}
|
||||
{{ container_cli }} kill --signal=HUP {{ item }}
|
||||
{{ container_cli }} exec --user root $container_id chgrp haproxy {{ cert_path }}
|
||||
{{ container_cli }} kill --signal=HUP $container_id
|
||||
register: container_kill_result
|
||||
failed_when:
|
||||
- ("no such container" not in container_kill_result.stderr)
|
||||
- ("container state improper" not in container_kill_result.stderr)
|
||||
- ("no such container" in container_kill_result.stderr)
|
||||
- ("container state improper" in container_kill_result.stderr)
|
||||
with_items: "{{ container_id.stdout.split('\n') }}"
|
||||
|
|
|
|||
Loading…
Reference in New Issue