charm-haproxy

Merge lp:~gtrkiller/charm-haproxy/autocert_bug_fix into lp:~haproxy-team/charm-haproxy/trunk-old-use-git

  1. autocert_bug_fix
  2. Merge into trunk-old-use-git
Proposed by Franco Luciano Forneron Buschiazzo
Status: Merged
Approved by: Tom Haddon
Approved revision: 159
Merged at revision: 157
Proposed branch: lp:~gtrkiller/charm-haproxy/autocert_bug_fix
Merge into: lp:~haproxy-team/charm-haproxy/trunk-old-use-git
Diff against target: 74 lines (+23/-3)
1 file modified
hooks/hooks.py (+23/-3)
To merge this branch: bzr merge lp:~gtrkiller/charm-haproxy/autocert_bug_fix
Reviewer Review Type Date Requested Status
Tom Haddon Approve
Canonical IS Reviewers Pending
Review via email: mp+447213@code.launchpad.net

Commit message

bugfix #2027680

Description of the change

With this fix, the charm will now be aware if the cert files are missing and block the charm/restart haproxy accordingly.

To post a comment you must log in.
Revision history for this message
Tom Haddon (mthaddon) wrote :

Some comments inline

lp:~gtrkiller/charm-haproxy/autocert_bug_fix updated
158. By Franco Luciano Forneron Buschiazzo

addressing comments

Revision history for this message
Tom Haddon (mthaddon) wrote :

Some comments inline. I think https://paste.ubuntu.com/p/YhywzTkF7D/ applied to this MP would address the comments, but please test to confirm it works as expected.

lp:~gtrkiller/charm-haproxy/autocert_bug_fix updated
159. By Franco Luciano Forneron Buschiazzo

addressing comments

Revision history for this message
Tom Haddon (mthaddon) wrote :

LGTM, thx

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 157

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/hooks.py'
2--- hooks/hooks.py 2023-07-13 10:12:04 +0000
3+++ hooks/hooks.py 2023-07-20 14:32:33 +0000
4@@ -29,6 +29,7 @@
5 opened_ports,
6 close_port,
7 unit_get,
8+ status_get,
9 status_set,
10 INFO,
11 DEBUG,
12@@ -953,6 +954,9 @@
13 return None
14 elif action == "check":
15 command = ['/usr/sbin/haproxy', '-f', haproxy_config, '-c']
16+ process = subprocess.Popen(command, stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
17+ stdout, stderr = process.communicate()
18+ return process.returncode, stderr.decode()
19 else:
20 command = ['service', 'haproxy', action]
21 return_value = subprocess.call(command)
22@@ -1033,7 +1037,8 @@
23 write_metrics_cronjob(metrics_script_path,
24 metrics_cronjob_path)
25
26- if service_haproxy("check"):
27+ return_code, stderr = service_haproxy("check")
28+ if return_code == 0:
29 update_service_ports(old_service_ports, get_service_ports())
30 service_haproxy("reload")
31 if not (get_listen_stanzas() == old_stanzas):
32@@ -1043,8 +1048,13 @@
33 # XXX Ideally the config should be restored to a working state if the
34 # check fails, otherwise an inadvertent reload will cause the service
35 # to be broken.
36- log("HAProxy configuration check failed, exiting.")
37- sys.exit(1)
38+ log("The HAProxy service check failed with the following message: %s" % stderr)
39+ if "unable to stat SSL certificate from file" in stderr:
40+ log("Setting status to blocked, waiting for cert to be generated")
41+ status_set('blocked', 'Waiting for cert to be generated')
42+ sys.exit()
43+ else:
44+ sys.exit(1)
45 if config_data.changed("global_log") or config_data.changed("source"):
46 # restart rsyslog to pickup haproxy rsyslog config
47 # This could be removed once the following bug is fixed in the haproxy
48@@ -1483,6 +1493,14 @@
49
50 def assess_status():
51 '''Assess status of current unit'''
52+ check_status, error = service_haproxy("check")
53+ if check_status != 0:
54+ if "unable to stat SSL certificate from file" in error:
55+ status_set('blocked', 'Waiting for cert to be generated')
56+ return
57+ charm_status, message = status_get()
58+ if charm_status == "blocked" and check_status == 0:
59+ service_haproxy("restart")
60 if(service_haproxy("status")):
61 status_set('active', 'Unit is ready')
62 else:
63@@ -1492,6 +1510,8 @@
64 def main(hook_name):
65 if hook_name == "install":
66 install_hook()
67+ elif hook_name == "update-status":
68+ pass
69 elif hook_name == "upgrade-charm":
70 install_hook()
71 config_changed()
72
73=== added symlink 'hooks/update-status'
74=== target is './hooks.py'

Subscribers

People subscribed via source and target branches