|
@ -43,7 +43,8 @@ |
|
|
# needing to reload HAProxy. Default is "no". |
|
|
# needing to reload HAProxy. Default is "no". |
|
|
# |
|
|
# |
|
|
# Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat |
|
|
# Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat |
|
|
# address format. |
|
|
|
|
|
|
|
|
# address format. The certificate can be deployed to a comma separated ',' list |
|
|
|
|
|
# of hosts ("TCP4:10.0.0.1:1999,TCP4:10.0.0.2:1999") |
|
|
# |
|
|
# |
|
|
# export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock" |
|
|
# export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock" |
|
|
# |
|
|
# |
|
@ -193,7 +194,6 @@ haproxy_deploy() { |
|
|
_issuer="${_pem}.issuer" |
|
|
_issuer="${_pem}.issuer" |
|
|
_ocsp="${_pem}.ocsp" |
|
|
_ocsp="${_pem}.ocsp" |
|
|
_reload="${Le_Deploy_haproxy_reload}" |
|
|
_reload="${Le_Deploy_haproxy_reload}" |
|
|
_statssock="${Le_Deploy_haproxy_stats_socket}" |
|
|
|
|
|
|
|
|
|
|
|
_info "Deploying PEM file" |
|
|
_info "Deploying PEM file" |
|
|
# Create a temporary PEM file |
|
|
# Create a temporary PEM file |
|
@ -327,7 +327,9 @@ haproxy_deploy() { |
|
|
|
|
|
|
|
|
# Update certificate over HAProxy stats socket or master CLI. |
|
|
# Update certificate over HAProxy stats socket or master CLI. |
|
|
if _exists socat; then |
|
|
if _exists socat; then |
|
|
# look for the certificate on the stats socket, to chose between updating or creating one |
|
|
|
|
|
|
|
|
export IFS=',' |
|
|
|
|
|
for _statssock in ${Le_Deploy_haproxy_stats_socket}; do |
|
|
|
|
|
# look for the certificate on the stats socket, to choVse between updating or creating one |
|
|
_socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'" |
|
|
_socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'" |
|
|
_debug _socat_cert_cmd "${_socat_cert_cmd}" |
|
|
_debug _socat_cert_cmd "${_socat_cert_cmd}" |
|
|
eval "${_socat_cert_cmd}" |
|
|
eval "${_socat_cert_cmd}" |
|
@ -383,6 +385,7 @@ haproxy_deploy() { |
|
|
return "${_ret}" |
|
|
return "${_ret}" |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
done |
|
|
else |
|
|
else |
|
|
_err "'socat' is not available, couldn't update over ${_socketname}" |
|
|
_err "'socat' is not available, couldn't update over ${_socketname}" |
|
|
fi |
|
|
fi |
|
|