(haproxy) Add rationality check to config
- When the anchor provides a new haproxy config file to the running haproxy, add a reasonable check that the new config is valid:
  - Is it a valid config file per haproxy
  - Does it contain the expected number of frontends
- Update helm version for linting to 2.14.1

Change-Id: I7a49deb372831c44f05c7baa870735c515519cb2
parent
3714064734
commit
41e21e1a6e
|
@ -29,6 +29,8 @@ compare_copy_files() {
|
||||||
{{- end }}
|
{{- end }}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{{ $fe_count := 0 }}
|
||||||
|
|
||||||
install_config() {
|
install_config() {
|
||||||
SUCCESS=1
|
SUCCESS=1
|
||||||
# Inject global and default config
|
# Inject global and default config
|
||||||
|
@ -37,6 +39,8 @@ install_config() {
|
||||||
|
|
||||||
{{- range $namespace, $services := $envAll.Values.conf.anchor.services }}
|
{{- range $namespace, $services := $envAll.Values.conf.anchor.services }}
|
||||||
{{- range $service, $svc_data := $services }}
|
{{- range $service, $svc_data := $services }}
|
||||||
|
{{- $fe_count = add $fe_count 1 }}
|
||||||
|
|
||||||
echo Constructing config for namespace=\"{{ $namespace }}\" service=\"{{ $service }}\"
|
echo Constructing config for namespace=\"{{ $namespace }}\" service=\"{{ $service }}\"
|
||||||
|
|
||||||
# NOTE(mark-burnett): Don't accidentally log service account token.
|
# NOTE(mark-burnett): Don't accidentally log service account token.
|
||||||
|
@ -98,10 +102,14 @@ install_config() {
|
||||||
if [ $SUCCESS = 1 ]; then
|
if [ $SUCCESS = 1 ]; then
|
||||||
mkdir -p $(dirname "$HAPROXY_CONF")
|
mkdir -p $(dirname "$HAPROXY_CONF")
|
||||||
if ! cmp -s "$HAPROXY_CONF" "$NEXT_HAPROXY_CONF"; then
|
if ! cmp -s "$HAPROXY_CONF" "$NEXT_HAPROXY_CONF"; then
|
||||||
echo Replacing HAProxy config file "$HAPROXY_CONF" with:
|
if validate_config "$NEXT_HAPROXY_CONF"; then
|
||||||
cat "$NEXT_HAPROXY_CONF"
|
echo Replacing HAProxy config file "$HAPROXY_CONF" with:
|
||||||
echo
|
cat "$NEXT_HAPROXY_CONF"
|
||||||
mv "$NEXT_HAPROXY_CONF" "$HAPROXY_CONF"
|
echo
|
||||||
|
mv "$NEXT_HAPROXY_CONF" "$HAPROXY_CONF"
|
||||||
|
else
|
||||||
|
echo "New config failed validation, refusing to replace."
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
echo HAProxy config file unchanged.
|
echo HAProxy config file unchanged.
|
||||||
fi
|
fi
|
||||||
|
@ -109,6 +117,20 @@ install_config() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
validate_config() {
|
||||||
|
file="$1"
|
||||||
|
expected_fe="{{- $fe_count -}}"
|
||||||
|
|
||||||
|
count=$(grep -c -E "^frontend" "$file")
|
||||||
|
|
||||||
|
if [ $count -ne $expected_fe ]; then
|
||||||
|
echo "Found only $count frontends in config, expected $expected_fe."
|
||||||
|
return 1
|
||||||
|
else
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
cleanup() {
|
cleanup() {
|
||||||
cleanup_message_file=$(dirname "$HAPROXY_CONF")/cleanup
|
cleanup_message_file=$(dirname "$HAPROXY_CONF")/cleanup
|
||||||
backup_dir=$(dirname "$HAPROXY_CONF")/backup
|
backup_dir=$(dirname "$HAPROXY_CONF")/backup
|
||||||
|
|
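Review bot: validate_config fails open: when `grep` cannot read `$file`, `count` is empty, the unquoted `[ $count -ne $expected_fe ]` exits with an error status instead of evaluating true, and control falls to the `else` branch that returns 0. Testing for the good case and rejecting everything else closes that path: `if [ "$count" -eq "$expected_fe" ]; then return 0; fi`, followed by the message and `return 1`. The message says "Found only" although the branch is also taken when the count is higher than expected, so `Found $count frontends in config, expected $expected_fe.` reads correctly both ways. A short comment above the function stating that it only counts lines starting with `frontend`, and that syntax is checked separately with `haproxy -c` in the other file of this commit, would help the next reader.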
|
@ -63,24 +63,28 @@ spec:
|
||||||
set +x
|
set +x
|
||||||
while true; do
|
while true; do
|
||||||
if ! cmp -s "$HAPROXY_CONF" "$LIVE_HAPROXY_CONF"; then
|
if ! cmp -s "$HAPROXY_CONF" "$LIVE_HAPROXY_CONF"; then
|
||||||
echo vvv Replacing old config vvv
|
if ! haproxy -c -f "$HAPROXY_CONF"; then
|
||||||
cat "$LIVE_HAPROXY_CONF"
|
echo New config file appears invalid, refusing to replace.
|
||||||
echo
|
else
|
||||||
|
echo vvv Replacing old config vvv
|
||||||
|
cat "$LIVE_HAPROXY_CONF"
|
||||||
|
echo
|
||||||
|
|
||||||
echo vvv With new config vvv
|
echo vvv With new config vvv
|
||||||
cat "$HAPROXY_CONF"
|
cat "$HAPROXY_CONF"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF"
|
cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF"
|
||||||
|
|
||||||
# NOTE(mark-burnett): sleep for clearer log output
|
# NOTE(mark-burnett): sleep for clearer log output
|
||||||
sleep 1
|
sleep 1
|
||||||
|
|
||||||
set -x
|
set -x
|
||||||
haproxy -D -f "$LIVE_HAPROXY_CONF" -p /tmp/haproxy.pid \
|
haproxy -D -f "$LIVE_HAPROXY_CONF" -p /tmp/haproxy.pid \
|
||||||
-x /tmp/haproxy.sock \
|
-x /tmp/haproxy.sock \
|
||||||
-sf $(cat /tmp/haproxy.pid)
|
-sf $(cat /tmp/haproxy.pid)
|
||||||
set +x
|
set +x
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
sleep {{ .Values.conf.haproxy.period }}
|
sleep {{ .Values.conf.haproxy.period }}
|
||||||
done
|
done
|
||||||
|
|
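Review bot: The file that `haproxy -c -f "$HAPROXY_CONF"` checks is not necessarily the file that `cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF"` copies a few lines later, because the path is read again after the check. If the anchor replaces it in between (its side of this commit installs new configs with `mv`, presumably onto this same path), an unchecked config goes live. Taking one snapshot, validating that snapshot and installing that same snapshot removes the gap. While the config stays invalid, the refusal message is printed again every period, which is worth keeping in mind for alerting. The enclosing loop starts outside the hunk.

```shell
if ! cmp -s "$HAPROXY_CONF" "$LIVE_HAPROXY_CONF"; then
    # Snapshot first so the file that is checked is the file that goes live.
    candidate=$(mktemp)
    cat "$HAPROXY_CONF" > "$candidate"
    if ! haproxy -c -f "$candidate"; then
        echo New config file appears invalid, refusing to replace.
    else
        # … unchanged: log old config, log new config (print "$candidate") …
        cat "$candidate" > "$LIVE_HAPROXY_CONF"
        # … unchanged: sleep 1 and haproxy reload …
    fi
    rm -f "$candidate"
```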
|
@ -17,7 +17,7 @@
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
HELM=$1
|
HELM=$1
|
||||||
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.14.0-linux-amd64.tar.gz"}
|
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.14.1-linux-amd64.tar.gz"}
|
||||||
|
|
||||||
|
|
||||||
function install_helm_binary {
|
function install_helm_binary {
|
||||||
|
|