Merge "Optimize conditions for TLS support"

This commit is contained in:
Zuul 2021-03-22 18:21:51 +00:00 committed by Gerrit Code Review
commit d80d8ab57b
5 changed files with 10 additions and 12 deletions

View File

@ -99,7 +99,6 @@ parameter_groups:
conditions:
service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']}
ceilometer_qdr_publish: {equals: [{get_param: CeilometerQdrPublish}, true]}
memcached_tls: {equals: [{get_param: MemcachedTLS}, true]}
outputs:
role_data:
@ -129,7 +128,7 @@ outputs:
ceilometer::snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
ceilometer::host: "%{hiera('fqdn_canonical')}"
- if:
- memcached_tls
- {get_param: MemcachedTLS}
- ceilometer::cache_backend: 'dogpile.cache.pymemcache'
ceilometer::cache_tls_enabled: true
- {}

View File

@ -142,8 +142,8 @@ conditions:
service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
tls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, true]}
- {get_param: EnableCache}
- {get_param: MemcachedTLS}
cors_allowed_origin_unset: {equals : [{get_param: HeatCorsAllowedOrigin}, '']}
outputs:

View File

@ -356,12 +356,12 @@ conditions:
service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']}
nontls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, false]}
- {get_param: EnableCache}
- not: {get_param: MemcachedTLS}
tls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, true]}
- {get_param: EnableCache}
- {get_param: MemcachedTLS}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
# Security compliance

View File

@ -89,7 +89,7 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: MemcachedTLS}, true]}
internal_tls_enabled: {get_param: MemcachedTLS}
# NOTE: A non-tls port is necessary while there are still services
# consuming Memcached that do not support TLS. Once all services
# do support TLS, this config should be dropped.

View File

@ -255,9 +255,8 @@ conditions:
service_debug_unset: {equals : [{get_param: NovaDebug}, '']}
tls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, true]}
cache_disabled: {equals : [{get_param: EnableCache}, false]}
- {get_param: EnableCache}
- {get_param: MemcachedTLS}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
resources: