opendev/system-config
Code Issues Proposed changes

Merge "gitea-lb: test ssl connections during testing too"

Browse Source
This commit is contained in:
Zuul 2022-08-04 07:19:03 +00:00 committed by Gerrit Code Review
commit 64a389af59
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
playbooks/roles/haproxy/tasks/main.yaml
View File

@ -49,6 +49,19 @@
mode: 0644 mode: 0644
notify: Reload haproxy notify: Reload haproxy
# Copy in testing CA so the container can see it. When running under
# Zuul this CA is created by the test framework. We use it to
# validate the https check path
- name: Check for OpenDev Infra CA (test only)
stat:
path: /etc/opendev-ca/ca.crt
register: _opendev_ca_crt
- name: Copy in OpenDev Infra CA (test only)
copy:
src: /etc/opendev-ca/ca.crt
dest: /var/haproxy/etc/
when: _opendev_ca_crt.stat.exists
- name: Ensure docker compose configuration directory - name: Ensure docker compose configuration directory
file: file:
path: /etc/haproxy-docker path: /etc/haproxy-docker

2
playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2
View File

@ -12,4 +12,4 @@ gitea_lb_listeners:
servers: servers:
- name: "gitea99.opendev.org" - name: "gitea99.opendev.org"
address: "{{ (hostvars['gitea99.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:3081" address: "{{ (hostvars['gitea99.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:3081"
check_method: "check check-ssl verify none" check_method: "check check-ssl ca-file /usr/local/etc/haproxy/ca.crt"