openstack/kolla-ansible
Code Issues Proposed changes

Merge "Run HAProxy in a chroot jail"

Browse Source
This commit is contained in:
Jenkins 2016-05-27 21:19:45 +00:00 committed by Gerrit Code Review
commit 162fa25829
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/roles/haproxy/templates/haproxy.cfg.j2
View File

@ -1,5 +1,8 @@
{% set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external | bool else '' %} {% set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external | bool else '' %}
global global
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon daemon
log /var/lib/kolla/heka/log local0 log /var/lib/kolla/heka/log local0
maxconn 4000 maxconn 4000

4
docker/haproxy/Dockerfile.j2
View File

@ -15,6 +15,10 @@ RUN apt-get -y install --no-install-recommends \
{% endif %} {% endif %}
RUN usermod -a -G kolla haproxy \
&& mkdir -p /var/lib/kolla/haproxy \
&& chown -R haproxy: /var/lib /run
COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config
RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config