openstack/tripleo-heat-templates
Code Issues Proposed changes

Adjust HAProxy script to allow for ID change

Browse Source 
It is possible that the UID of the container
changes between our first parse and the script
we execute to copy the TLS Cert. We can re-check
the container ID in the script to be safe.

Also, we need to fail appropriately if we can't
find the container, or can't restart it.

Related rhbz#1973674
Closes-Bug: #1940729
Change-Id: I1b8c8e83d7b4a14a8643d63a61519f6bbac5b3d6

Change-Id: Ifafb2e71da1a921eeba8d8c6197cfb74d1ee045e
This commit is contained in:
Brendan Shephard 2021-08-21 05:59:09 +00:00
parent 2a8601f3ed
commit a22ef3a0bc
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
deployment/haproxy/haproxy-public-tls-inject.yaml
View File

@ -175,15 +175,16 @@ outputs:
- name: copy certificate, chgrp, restart haproxy
shell: |
set -e
if {{ container_cli }} ps -f "id={{ item }}" --format "{{ '{{' }}.Names{{ '}}' }}" | grep -q "^haproxy-bundle"; then
tar -c {{ cert_path }} | {{container_cli}} exec -i {{ item }} tar -C / -xv
container_id=$({{ container_cli }} ps --filter name=haproxy-bundle -q)
if [[ "x$container_id" ! = "x" ]]; then
tar -c {{ cert_path }} | {{ container_cli }} exec -i $container_id tar -C / -xv
else
{{ container_cli }} cp {{ cert_path }} {{ item }}:{{ cert_path }}
fi
{{ container_cli }} exec --user root {{ item }} chgrp haproxy {{ cert_path }}
{{ container_cli }} kill --signal=HUP {{ item }}
{{ container_cli }} exec --user root $container_id chgrp haproxy {{ cert_path }}
{{ container_cli }} kill --signal=HUP $container_id
register: container_kill_result
failed_when:
- ("no such container" not in container_kill_result.stderr)
- ("container state improper" not in container_kill_result.stderr)
- ("no such container" in container_kill_result.stderr)
- ("container state improper" in container_kill_result.stderr)
with_items: "{{ container_id.stdout.split('\n') }}"