diff --git a/charts/haproxy/templates/bin/_anchor.tpl b/charts/haproxy/templates/bin/_anchor.tpl index 1b90f6ab..77ede688 100644 --- a/charts/haproxy/templates/bin/_anchor.tpl +++ b/charts/haproxy/templates/bin/_anchor.tpl @@ -29,6 +29,8 @@ compare_copy_files() { {{- end }} } +{{ $fe_count := 0 }} + install_config() { SUCCESS=1 # Inject global and default config @@ -37,6 +39,8 @@ install_config() { {{- range $namespace, $services := $envAll.Values.conf.anchor.services }} {{- range $service, $svc_data := $services }} + {{- $fe_count = add $fe_count 1 }} + echo Constructing config for namespace=\"{{ $namespace }}\" service=\"{{ $service }}\" # NOTE(mark-burnett): Don't accidentally log service account token. @@ -98,10 +102,14 @@ install_config() { if [ $SUCCESS = 1 ]; then mkdir -p $(dirname "$HAPROXY_CONF") if ! cmp -s "$HAPROXY_CONF" "$NEXT_HAPROXY_CONF"; then - echo Replacing HAProxy config file "$HAPROXY_CONF" with: - cat "$NEXT_HAPROXY_CONF" - echo - mv "$NEXT_HAPROXY_CONF" "$HAPROXY_CONF" + if validate_config "$NEXT_HAPROXY_CONF"; then + echo Replacing HAProxy config file "$HAPROXY_CONF" with: + cat "$NEXT_HAPROXY_CONF" + echo + mv "$NEXT_HAPROXY_CONF" "$HAPROXY_CONF" + else + echo "New config failed validation, refusing to replace." + fi else echo HAProxy config file unchanged. fi @@ -109,6 +117,20 @@ install_config() { fi } +validate_config() { + file="$1" + expected_fe="{{- $fe_count -}}" + + count=$(grep -c -E "^frontend" "$file") + + if [ $count -ne $expected_fe ]; then + echo "Found only $count frontends in config, expected $expected_fe." + return 1 + else + return 0 + fi +} + cleanup() { cleanup_message_file=$(dirname "$HAPROXY_CONF")/cleanup backup_dir=$(dirname "$HAPROXY_CONF")/backup diff --git a/charts/haproxy/templates/etc/_haproxy.yaml.tpl b/charts/haproxy/templates/etc/_haproxy.yaml.tpl index d3e3be51..6b701ad3 100644 --- a/charts/haproxy/templates/etc/_haproxy.yaml.tpl +++ b/charts/haproxy/templates/etc/_haproxy.yaml.tpl 
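Review bot: The new `else` branch in install_config (hunk `@@ -98,10 +102,14 @@`) reports a rejected config only with an `echo` to stdout. As far as the hunk shows, `SUCCESS` stays 1, so a refused render looks the same to the rest of the function as an unchanged config. The function continues outside the hunk, so this may already be handled there. If it is not, write the message to stderr with `echo "New config failed validation, refusing to replace." >&2` and record the failure, for example with `SUCCESS=0` if that matches how the variable is consumed. A persistently bad render would then be detectable rather than a repeated log line.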
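Review bot: validate_config (hunk `@@ -109,6 +117,20 @@`) fails open when `grep` cannot read the file, because `count` is then empty and the unquoted test `[ $count -ne $expected_fe ]` becomes a syntax error. That error is a non-zero status, so the `if` takes the `else` branch and returns 0, meaning validation passes. Make success the explicit case and quote both operands: `if [ "$count" -eq "$expected_fe" ]; then return 0; fi`, followed by the message and `return 1`. The message says "Found only", which is misleading when the count is higher than expected; "Found $count frontends in config, expected $expected_fe." covers both cases. A comment should also state that this checks only the number of `frontend` sections and is not a syntax check of the file.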
@@ -63,24 +63,28 @@ spec: set +x while true; do if ! cmp -s "$HAPROXY_CONF" "$LIVE_HAPROXY_CONF"; then - echo vvv Replacing old config vvv - cat "$LIVE_HAPROXY_CONF" - echo + if ! haproxy -c -f "$HAPROXY_CONF"; then + echo New config file appears invalid, refusing to replace. + else + echo vvv Replacing old config vvv + cat "$LIVE_HAPROXY_CONF" + echo - echo vvv With new config vvv - cat "$HAPROXY_CONF" - echo + echo vvv With new config vvv + cat "$HAPROXY_CONF" + echo - cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF" + cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF" - # NOTE(mark-burnett): sleep for clearer log output - sleep 1 + # NOTE(mark-burnett): sleep for clearer log output + sleep 1 - set -x - haproxy -D -f "$LIVE_HAPROXY_CONF" -p /tmp/haproxy.pid \ - -x /tmp/haproxy.sock \ - -sf $(cat /tmp/haproxy.pid) - set +x + set -x + haproxy -D -f "$LIVE_HAPROXY_CONF" -p /tmp/haproxy.pid \ + -x /tmp/haproxy.sock \ + -sf $(cat /tmp/haproxy.pid) + set +x + fi fi sleep {{ .Values.conf.haproxy.period }} done diff --git a/tools/helm_install.sh b/tools/helm_install.sh index f77da29e..85a4e18b 100755 --- a/tools/helm_install.sh +++ b/tools/helm_install.sh @@ -17,7 +17,7 @@ set -x HELM=$1 -HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.14.0-linux-amd64.tar.gz"} +HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.14.1-linux-amd64.tar.gz"} function install_helm_binary {
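Review bot: In the reload loop, `haproxy -c -f "$HAPROXY_CONF"` validates the staged file, but `cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF"` reads it again afterwards, so the bytes that go live are not necessarily the ones that were checked. If the anchor script replaces that path in between (its `mv "$NEXT_HAPROXY_CONF" "$HAPROXY_CONF"` suggests it may, assuming both containers share the file), an unchecked config is installed. Snapshot first and validate the snapshot, for example `cp "$HAPROXY_CONF" "$LIVE_HAPROXY_CONF.next"`, then `haproxy -c -f "$LIVE_HAPROXY_CONF.next"`, then `cat "$LIVE_HAPROXY_CONF.next" > "$LIVE_HAPROXY_CONF"`. The refusal message would also be better on stderr, since an invalid file is re-checked and re-logged every period. The enclosing script starts outside this hunk.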