While doing research for this bugzilla[1] I found that since the
actual certificate PEM file is being bind mounted the mount is acting
as a hard link to the inode of the PEM rather than just a pointer to
it's location in the directory. When the new file is copied over the
inode is updated but the container still maintains a link to the stale
inode. This patch copies the contents of the certificate into the
container so that the HUP of HAProxy will reload the certificate.
Reviewed: https:/ /review. opendev. org/724348 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=3b5b944048c db68bea703cbc68 ce3eb9a797b650
Committed: https:/
Submitter: Zuul
Branch: stable/train
commit 3b5b944048cdb68 bea703cbc68ce3e b9a797b650
Author: Dave Wilde (d34dh0r53) <email address hidden>
Date: Fri Apr 24 10:27:06 2020 -0500
Ensure that the HAProxy certificate is updated
While doing research for this bugzilla[1] I found that since the
actual certificate PEM file is being bind mounted the mount is acting
as a hard link to the inode of the PEM rather than just a pointer to
it's location in the directory. When the new file is copied over the
inode is updated but the container still maintains a link to the stale
inode. This patch copies the contents of the certificate into the
container so that the HUP of HAProxy will reload the certificate.
[1]: https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1765839
Change-Id: Idf106c9ffa23ed 00c497e1e5014e1 b5718254320 78e5f3611e058b4 afff08bdb9)
Closes-Bug: 1871663
(cherry picked from commit 93c6bffb3b06c59