Refactor Redis TLS options parsing to fix ActionCable configuration
What does this MR do and why?
This backports !219210 (merged) to 18-8-stable-ee.
Refactor Redis TLS options parsing to fix ActionCable configuration
Previously Redis SSL parameters cert_file and key_file were
converted to the appropriate types for OpenSSL via cert and file
parameters, but this was not happening for ActionCable settings. As a
result if someone attempted to configure Redis mutual TLS certificates
in Omnibus with
omnibus-gitlab!9012 (merged), an
exception would be raised:
undefined method `cert_file=' for an instance of OpenSSL::SSL::SSLContextExtract parse_client_tls_options from Wrapper into ConfigGenerator
as a public class method and call it automatically from
ConfigGenerator.generate. This ensures all Redis configuration
consumers (Wrapper, ActionCable, etc.) properly parse TLS options
without needing separate handling.
Note that cert_file and key_file parameters are no longer needed
because redis-client automatically converts the cert and key
parameters into the right OpenSSL types, but preserve these parameters
for backwards compatibility.
Fixes #586491 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
- The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
- The MR title is descriptive (e.g. "Backport of 'title of default branch MR'"). This is important, since the title will be copied to the patch blog post.
-
Required labels have been applied to this merge request
- severity label and bug subtype labels (if applicable)
- If this MR fixes a bug that affects customers, the customer label has been applied.
- This MR has been approved by a maintainer (only one approval is required).
-
Ensure the
e2e:test-on-omnibus-eejob has succeeded, or if it has failed, investigate the failures. If you determine the failures are unrelated, you may proceed. If you need assistance investigating, reach out to a Software Engineer in Test in #s_developer_experience.
Note to the merge request author and maintainer
If you have questions about the patch release process, please:
- Refer to the patch release runbook for engineers and maintainers for guidance.
- Ask questions on the
#releasesSlack channel (internal only). - Once the backport has been merged, the commit changes will be automatically deployed to a release environment that can be used for manual validation. See after merging runbook for details.