openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Simplify internal_tls_enabled conditions 

We do not need to add an if: internal_tls_enabled in a number of
ansible tasks. enabled_internal_tls is already defined as an ansible
fact in common/deploy-steps.j2:
enable_internal_tls: {get_param: EnableInternalTLS}

So when the service uses the enable_internal_tls condition and it points
to the EnableInternalTLS param, we can just use the ansible fact
directly. Note that if the enable_internal_tls condition points to
something else than the mere EnableInternalTLS we may not do this
cleanup.

Change-Id: Idb07cbc8fc3a4d73ff52c54d869310fd6c49b502
This commit is contained in:
Michele Baldessari 2021-03-17 10:19:54 +01:00
parent bb81090ef1
commit 5e4c17acfb
13 changed files with 520 additions and 547 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
deployment/apache/apache-baremetal-puppet.j2.yaml
View File

@ -133,11 +133,10 @@ outputs:
- null
upgrade_tasks: []
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- name: Create dirs for certificates and keys
file:
@ -170,5 +169,4 @@ outputs:
ca: ipa
for_each:
NETWORK: {get_attr: [ApacheNetworks, value]}
- null
{%- endraw %}

8
deployment/ceph-ansible/ceph-grafana.yaml
View File

@ -161,11 +161,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -195,4 +194,3 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: GrafanaCertificateKeySize}
ca: ipa
- null

8
deployment/ceph-ansible/ceph-rgw.yaml
View File

@ -174,11 +174,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -213,4 +212,3 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: CephRgwCertificateKeySize}
ca: ipa
- null

8
deployment/database/mysql-base.yaml
View File

@ -174,11 +174,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -205,4 +204,3 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: MysqlCertificateKeySize}
ca: ipa
- null

8
deployment/database/redis-container-puppet.yaml
View File

@ -196,11 +196,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -240,7 +239,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: RedisCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent directories
file:

8
deployment/metrics/qdr-container-puppet.yaml
View File

@ -327,11 +327,10 @@ outputs:
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -379,7 +378,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: QdrCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent logs directory
file:

8
deployment/neutron/neutron-dhcp-container-puppet.yaml
View File

@ -382,11 +382,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -422,7 +421,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: NeutronDhcpCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}

8
deployment/ovn/ovn-controller-container-puppet.yaml
View File

@ -291,11 +291,10 @@ outputs:
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -318,7 +317,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: ContainerOvnCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent directories
file:

11
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
View File

@ -228,8 +228,7 @@ outputs:
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
deploy_steps_tasks:
list_concat:
- - name: OVN DBS tag container image for pacemaker
- name: OVN DBS tag container image for pacemaker
when: step|int == 1
import_role:
name: tripleo_container_tag
@ -251,11 +250,10 @@ outputs:
tripleo_ha_wrapper_puppet_execute: 'include ::tripleo::profile::base::pacemaker; include ::tripleo::profile::pacemaker::ovn_dbs_bundle'
tripleo_ha_wrapper_puppet_tags: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
tripleo_ha_wrapper_puppet_debug: {get_param: ConfigDebug}
- if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -278,7 +276,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: OvnDBSCertificateKeySize}
ca: ipa
- []
update_tasks:
- name: Tear-down non-HA ovn-dbs containers
when:

8
deployment/ovn/ovn-metadata-container-puppet.yaml
View File

@ -336,11 +336,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -363,7 +362,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: OvnMetadataCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}

8
deployment/rabbitmq/rabbitmq-container-puppet.yaml
View File

@ -335,11 +335,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -387,7 +386,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: RabbitmqCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent directories
file:

8
deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml
View File

@ -270,11 +270,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -322,7 +321,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: RabbitmqMessageCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent directories
file:

8
deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
View File

@ -270,11 +270,10 @@ outputs:
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
when: step|int == 1
when:
- step|int == 1
- enable_internal_tls
block:
- include_role:
name: linux-system-roles.certificate
@ -322,7 +321,6 @@ outputs:
- {get_param: CertificateKeySize}
- {get_param: RpcCertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent directories
file: