006ff07185
This is a prerequisite for patchset #745164 This fixes unwanted restarts during copying of certificates. By removing conditional statements from role handlers in #745164, copying certificates caused containers to restart, this is unwanted during the genconfig process. However, if we would remove handler notifiers from copying certificates, the container would never restart, since from #745164, containers will restart only if any of the files specified in config.json change. Certificates are now copied to intermediary location inside of the container, from which the script kolla_copy_cacerts will install them in the trust store. Depends-on: https://review.opendev.org/c/openstack/kolla/+/926882 Change-Id: Ib89048c7e0f250182c4bf57d8c8a1b5478e9b4ab Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
52 lines
2.1 KiB
Django/Jinja
52 lines
2.1 KiB
Django/Jinja
{
|
|
"command": "/etc/haproxy/haproxy_run.sh",
|
|
"config_files": [
|
|
{
|
|
"source": "{{ container_config_directory }}/haproxy_run.sh",
|
|
"dest": "/etc/haproxy/haproxy_run.sh",
|
|
"owner": "root",
|
|
"perm": "0700"
|
|
},
|
|
{
|
|
"source": "{{ container_config_directory }}/haproxy.cfg",
|
|
"dest": "/etc/haproxy/haproxy.cfg",
|
|
"owner": "root",
|
|
"perm": "0600"
|
|
},
|
|
{
|
|
"source": "{{ container_config_directory }}/services.d/",
|
|
"dest": "/etc/haproxy/services.d",
|
|
"owner": "root",
|
|
"perm": "0700"
|
|
}{% if kolla_enable_tls_external | bool %},
|
|
{
|
|
"source": "{{ container_config_directory }}/external-frontend-map",
|
|
"dest": "/etc/haproxy/external-frontend-map",
|
|
"owner": "root",
|
|
"perm": "0600",
|
|
"optional": {{ (not haproxy_single_external_frontend | bool) | string | lower }}
|
|
}{% endif %}{% if kolla_enable_tls_external and letsencrypt_managed_certs == 'internal' or letsencrypt_managed_certs == '' %},
|
|
{
|
|
"source": "{{ container_config_directory }}/haproxy.pem",
|
|
"dest": "/etc/haproxy/certificates/haproxy.pem",
|
|
"owner": "haproxy",
|
|
"perm": "0600",
|
|
"optional": {{ (not kolla_enable_tls_external | bool) | string | lower }}
|
|
}{% endif %}{% if kolla_enable_tls_internal | bool and letsencrypt_managed_certs == 'external' or letsencrypt_managed_certs == '' %},
|
|
{
|
|
"source": "{{ container_config_directory }}/haproxy-internal.pem",
|
|
"dest": "/etc/haproxy/certificates/haproxy-internal.pem",
|
|
"owner": "haproxy",
|
|
"perm": "0600",
|
|
"optional": {{ (not kolla_enable_tls_internal | bool) | string | lower }}
|
|
}
|
|
{% endif %}{% if kolla_copy_ca_into_containers | bool %},
|
|
{
|
|
"source": "{{ container_config_directory }}/ca-certificates",
|
|
"dest": "/var/lib/kolla/share/ca-certificates",
|
|
"owner": "root",
|
|
"perm": "0600"
|
|
}{% endif %}
|
|
]
|
|
}
|