Update container certificate

Due to the bind-mounting of the actual PEM file rather than the directory we cannot simply copy the new file to the location on the host, we need to copy the updated PEM into the container. This patch also removes outdated and no longer working container detection code that was preventing any of the tasks from ever running. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1765839 Change-Id: Ie275001aabe16241d2036d39fce294f86f88e7c8 Closes-Bug: 1875746 (cherry picked from commit e38287c9de)
2020-04-28 15:25:27 -05:00 · 2020-04-28 15:25:27 -05:00 · f238c25c99
parent 2a67c80fd1
commit f238c25c99
1 changed files with 4 additions and 37 deletions
--- a/deployment/haproxy/haproxy-public-tls-inject.yaml
+++ b/deployment/haproxy/haproxy-public-tls-inject.yaml
@ -173,42 +173,9 @@ outputs:
                - container_id.stdout is defined
                - container_id.stdout != ''
              block:
-                - name: set kolla_dir fact
-                  set_fact: kolla_dir="/var/lib/kolla/config_files/src-tls"
-
-                - name: assert {{ kolla_dir }}{{ cert_path }} exists
-                  stat:
-                    path: "{{ kolla_dir }}{{cert_path}}"
-                  register: kolla_cert_exists
-
+                - name: copy certificate from host to container
+                  shell: "{{ container_cli }} cp {{ cert_path }} {{ container_id.stdout }}:{{ cert_path }}"
                - name: set certificate group on host via container
-                  shell: |
-                    if {{ container_cli }} ps | grep {{container_id.stdout}}; then
-                      {{ container_cli }} exec {{container_id.stdout}} chgrp haproxy {{kolla_dir}}{{cert_path}}
-                    # handle situation when container_cli is podman but
-                    # the containers are still under docker
-                    elif docker ps | grep {{container_id.stdout}}; then
-                      docker exec {{container_id.stdout}} chgrp haproxy {{kolla_dir}}{{cert_path}}
-                    else
-                      echo "Error: {{container_id.stdout}} container not found"
-                      exit 1
-                    fi
-                  when: kolla_cert_exists.stat.exists
-
-                - name: copy certificate from kolla directory to final location
-                  shell: |
-                    if {{ container_cli }} ps | grep {{container_id.stdout}}; then
-                      {{ container_cli }} exec {{container_id.stdout}} cp {{kolla_dir}}{{cert_path}} {{cert_path}}
-                    # handle situation when container_cli is podman but
-                    # the containers are still under docker
-                    elif docker ps | grep {{container_id.stdout}}; then
-                      docker exec {{container_id.stdout}} cp {{kolla_dir}}{{cert_path}} {{cert_path}}
-                    else
-                      echo "Error: {{container_id.stdout}} container not found"
-                      exit 1
-                    fi
-                  when: kolla_cert_exists.stat.exists
-
+                  command: "{{ container_cli }} exec --user root {{container_id.stdout}} chgrp haproxy {{ cert_path }}"
                - name: send restart order to haproxy container
-                  command: "{{ container_cli }} kill --signal=HUP {{container_id.stdout}}"
-                  when: kolla_cert_exists.stat.exists
+                  command: "{{ container_cli }} kill --signal=HUP {{ container_id.stdout }}"