aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authorMartin André <m.andre@redhat.com>2017-06-13 15:35:16 +0200
committerMartin André <m.andre@redhat.com>2017-06-30 08:14:51 +0200
commitd53feb830bcbfa35722c0eac5937b5157628c827 (patch)
tree387b00884cfa64460fd4be4859d83dbd2c833623 /docker
parent1847a014232afa726d01b3f75f46eec7b5444a45 (diff)
Bind mount needed cert for haproxy
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: Id2df144b678769def204961236624091d4e5c457
Diffstat (limited to 'docker')
-rw-r--r--docker/services/haproxy.yaml12
1 files changed, 12 insertions, 0 deletions
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 242f0751..5831fe89 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -42,6 +42,11 @@ parameters:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
RedisPassword:
description: The password for Redis
type: string
@@ -93,6 +98,12 @@ outputs:
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ]
+ volumes: &deployed_cert_mount
+ - list_join:
+ - ':'
+ - - {get_param: DeployedSSLCertificatePath}
+ - {get_param: DeployedSSLCertificatePath}
+ - 'ro'
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: haproxy -f /etc/haproxy/haproxy.cfg
@@ -109,6 +120,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
+ - *deployed_cert_mount
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/haproxy/etc/:/etc/:ro