If the charm is related to autocert it errors on missing certs, preventing autocert install
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
charm-haproxy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Take the following log snippet as an example:
```
2023-06-27 13:18:58 WARNING unit.public-
2023-06-27 13:18:58 WARNING unit.public-
2023-06-27 13:18:58 INFO unit.public-
2023-06-27 13:18:58 INFO unit.public-
2023-06-27 13:18:58 WARNING unit.public-
2023-06-27 13:18:58 WARNING unit.public-
2023-06-27 13:18:58 WARNING unit.public-
2023-06-27 13:18:58 WARNING unit.public-
2023-06-27 13:18:58 INFO unit.public-
2023-06-27 13:18:59 ERROR juju.worker.
```
This happens if HAProxy is configured to use "external" certificates, such as with the autocert subordinate charm. Looking at /etc/haproxy/
```
frontend public-
bind 0.0.0.0:443 ssl crt /var/lib/
```
However, this file (/var/lib/
The relevant bit of code is line 1042 of `hooks/hooks.py`:
```
if service_
[...]
else:
log("HAProxy configuration check failed, exiting.")
sys.exit(1)
```
We should figure out if a "blocked" status on a primary charm prevents the installation of a subordinate charm from continuing. If it doesn't I think the best thing to do would be to put the charm into a blocked status if we get the error above (we should check the output of the service check function includes `unable to load SSL certificate file '/var/lib/
If blocked status does prevent subordinate charms from being installed we should potentially look at generating a temporary self-signed certificate so we can continue.
Related branches
- Tom Haddon: Approve
- Canonical IS Reviewers: Pending requested
-
Diff: 74 lines (+23/-3)1 file modifiedhooks/hooks.py (+23/-3)
description: | updated |
description: | updated |
This has been released as revision 70 in the edge channel