Browse Source

Merge "HA: inject public certificates without blocking container" into stable/victoria

changes/46/787746/1
Zuul 3 weeks ago
committed by Gerrit Code Review
parent
commit
edf9bfedc7
1 changed files with 5 additions and 1 deletions
  1. +5
    -1
      deployment/haproxy/haproxy-public-tls-inject.yaml

+ 5
- 1
deployment/haproxy/haproxy-public-tls-inject.yaml View File

@ -178,7 +178,11 @@ outputs:
- name: copy certificate, chgrp, restart haproxy
shell: |
set -e
{{ container_cli }} cp {{ cert_path }} {{ item }}:{{ cert_path }}
if {{ container_cli }} ps -f "id={{ item }}" --format "{{ '{{' }}.Names{{ '}}' }}" | grep -q "^haproxy-bundle"; then
tar -c {{ cert_path }} | {{container_cli}} exec -i {{ item }} tar -C / -xv
else
{{ container_cli }} cp {{ cert_path }} {{ item }}:{{ cert_path }}
fi
{{ container_cli }} exec --user root {{ item }} chgrp haproxy {{ cert_path }}
{{ container_cli }} kill --signal=HUP {{ item }}
with_items: "{{ container_id.stdout.split('\n') }}"

Loading…
Cancel
Save