While doing research for this bugzilla[1] I found that since the
actual certificate PEM file is being bind mounted the mount is acting
as a hard link to the inode of the PEM rather than just a pointer to
it's location in the directory. When the new file is copied over the
inode is updated but the container still maintains a link to the stale
inode. This patch copies the contents of the certificate into the
container so that the HUP of HAProxy will reload the certificate.
Reviewed: https:/ /review. opendev. org/739537 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=146674dcea0 bca513a6d9ea008 7f06c4c300a0bc
Committed: https:/
Submitter: Zuul
Branch: stable/ussuri
commit 146674dcea0bca5 13a6d9ea0087f06 c4c300a0bc
Author: Dave Wilde (d34dh0r53) <email address hidden>
Date: Fri Apr 24 10:27:06 2020 -0500
Ensure that the HAProxy certificate is updated
While doing research for this bugzilla[1] I found that since the
actual certificate PEM file is being bind mounted the mount is acting
as a hard link to the inode of the PEM rather than just a pointer to
it's location in the directory. When the new file is copied over the
inode is updated but the container still maintains a link to the stale
inode. This patch copies the contents of the certificate into the
container so that the HUP of HAProxy will reload the certificate.
[1]: https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1765839
Change-Id: Idf106c9ffa23ed 00c497e1e5014e1 b5718254320 2d853d171459011 09291ac1f1)
Closes-Bug: 1871663
(cherry picked from commit c1e09672a52fea8