openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes
openstack-ansible-haproxy_s.../templates/letsencrypt_pre_hook_certbot_distro.j2
Jonathan Rosser dbc8fe1fe2 Use a certbot pre-hook to ensure haproxy backend is up before renewal 
We use the built in python3 http server to bring up a temporary backend
on the node which wants to renew a certificate. The timeout set so that
the haproxy health check has noticed the backend come up before certbot
runs.

There is otherwise a race condition between the haproxy healthcheck and
the certbot challenge request arriving at the acme-challenge endpoint.

Change-Id: I2f5f9457c43c68f2881bf9d44f43434ca7b43859
2020-05-07 13:15:54 +00:00

5 lines
333 B
Django/Jinja
Raw Permalink Blame History

#!/bin/bash
# swing load balancer over to this node by starting temporary http server for {{ haproxy_ssl_letsencrypt_pre_hook_timeout }} seconds
timeout {{ haproxy_ssl_letsencrypt_pre_hook_timeout }} python3 -m http.server {{ haproxy_ssl_letsencrypt_certbot_backend_port }} --bind {{ haproxy_ssl_letsencrypt_certbot_bind_address }}
View Git Blame Copy Permalink