Commit 20bc12bd authored by Nicolas Wavrant's avatar Nicolas Wavrant

clammit: reload haproxy using native feature on certificate update

instead of relying on slapos hash-file feature
parent 5f46df17
Pipeline #36357 failed with stage
in 0 seconds
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
[instance.cfg.in] [instance.cfg.in]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 83addd63b24d84fad15356276a5db484 md5sum = def6c6874a6a7e0c7f6b97a316d0afef
[clamd.conf.in] [clamd.conf.in]
filename = clamd.conf.in filename = clamd.conf.in
......
...@@ -207,6 +207,7 @@ caucase.updater( ...@@ -207,6 +207,7 @@ caucase.updater(
ca_path='${frontend-certificate:ca-file}', ca_path='${frontend-certificate:ca-file}',
crl_path='${frontend-certificate:crl-file}', crl_path='${frontend-certificate:crl-file}',
key_path='${frontend-certificate:key-file}', key_path='${frontend-certificate:key-file}',
on_renew='${haproxy-reload:output}',
template_csr='${frontend-certificate-prepare-csr:csr}', template_csr='${frontend-certificate-prepare-csr:csr}',
openssl=openssl.location + "/bin", openssl=openssl.location + "/bin",
)}} )}}
...@@ -295,6 +296,15 @@ content = ...@@ -295,6 +296,15 @@ content =
server app ${clam-config:clammit-listen-address}:${clam-config:clammit-listen-port} check server app ${clam-config:clammit-listen-address}:${clam-config:clammit-listen-port} check
pidfile = ${directory:var.run}/haproxy.pid pidfile = ${directory:var.run}/haproxy.pid
[haproxy-reload]
recipe = collective.recipe.template
output = ${directory:bin}/${:_buildout_section_name_}
mode = 700
input =
inline:
#!/bin/sh
kill -USR2 $(cat "${haproxy.conf:pidfile}")
[frontend] [frontend]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:etc.service}/${:_buildout_section_name_} wrapper-path = ${directory:etc.service}/${:_buildout_section_name_}
...@@ -302,7 +312,6 @@ command-line = ...@@ -302,7 +312,6 @@ command-line =
{{ haproxy.location }}/sbin/haproxy -f ${haproxy.conf:output} {{ haproxy.location }}/sbin/haproxy -f ${haproxy.conf:output}
hash-files = hash-files =
${haproxy.conf:output} ${haproxy.conf:output}
${frontend-certificate:cert-file}
[frontend-promise] [frontend-promise]
recipe = slapos.cookbook:check_url_available recipe = slapos.cookbook:check_url_available
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment