From fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Magnus=20L=C3=B6=C3=B6f?= <magnus.loof@basalt.se>
Date: Wed, 7 Dec 2022 18:44:12 +0100
Subject: [PATCH] Fix faulty precheck for RabbitMQ
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When using externally managed certificates, according to [1],
one should set `kolla_externally_managed_cert: yes` and ensure
that the certificates are in the correct place.

However, RabbitMQ precheck still expects the certificates to be
available on the controller node. This is incorrect.

Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

[1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

Closes-Bug: 1999081
Related-Bug: 1940286
Signed-off-by: Magnus Lööf <magnus.loof@basalt.se>
Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
---
 ansible/roles/rabbitmq/defaults/main.yml             | 2 ++
 ansible/roles/rabbitmq/tasks/precheck.yml            | 4 ++++
 releasenotes/notes/bug-1999081-769f1012263a48fd.yaml | 6 ++++++
 3 files changed, 12 insertions(+)
 create mode 100644 releasenotes/notes/bug-1999081-769f1012263a48fd.yaml

diff --git a/ansible/roles/rabbitmq/defaults/main.yml b/ansible/roles/rabbitmq/defaults/main.yml
index 6c57e9ca38..c894b436ed 100644
--- a/ansible/roles/rabbitmq/defaults/main.yml
+++ b/ansible/roles/rabbitmq/defaults/main.yml
@@ -125,3 +125,5 @@ rabbitmq_feature_flags:
   - "virtual_host_metadata"
   - "maintenance_mode_status"
   - "user_limits"
+
+kolla_externally_managed_cert: False
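Review bot: `kolla_externally_managed_cert` is added to the role defaults with no comment, and it is spelled `False` where YAML linters prefer lowercase `false`. The commit message treats it as a deployment-wide TLS setting, so if it is already defined globally (not visible in this diff) this copy is a second default that can drift from it; either drop it or add a comment such as `# Fallback only; the deployment-wide value takes precedence.` Role defaults have the lowest variable precedence in Ansible, so the line does not override an operator's setting.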
diff --git a/ansible/roles/rabbitmq/tasks/precheck.yml b/ansible/roles/rabbitmq/tasks/precheck.yml
index b259f87537..ad663ce729 100644
--- a/ansible/roles/rabbitmq/tasks/precheck.yml
+++ b/ansible/roles/rabbitmq/tasks/precheck.yml
@@ -88,6 +88,7 @@
       - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
       - "{{ kolla_certificates_dir }}/rabbitmq-cert.pem"
   when:
+    - not kolla_externally_managed_cert | bool
     - rabbitmq_enable_tls | bool
 
 - name: Check if TLS key exists for RabbitMQ
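Review bot: With `not kolla_externally_managed_cert | bool` added to this `when:` list, the certificate check is skipped outright, so a deployment with `rabbitmq_enable_tls` on and externally managed certificates gets no precheck that the certificate is present at all. The same applies to the key task and to both outward RabbitMQ tasks in the next three hunks. Consider a follow-up task for the externally managed case that verifies the files exist where the operator is expected to place them on the target host, so a missing file fails at precheck rather than when the service starts. A comment above the condition, e.g. `# Externally managed certs are not on the controller; skip the local lookup.`, would also record why the guard exists. The task body starts outside the hunk.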
@@ -101,6 +102,7 @@
       - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
       - "{{ kolla_certificates_dir }}/rabbitmq-key.pem"
   when:
+    - not kolla_externally_managed_cert | bool
     - rabbitmq_enable_tls | bool
 
 - name: Checking free port for outward RabbitMQ
@@ -179,6 +181,7 @@
       - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
       - "{{ kolla_certificates_dir }}/outward_rabbitmq-cert.pem"
   when:
+    - not kolla_externally_managed_cert | bool
     - enable_outward_rabbitmq | bool
     - rabbitmq_enable_tls | bool
 
@@ -193,6 +196,7 @@
       - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
       - "{{ kolla_certificates_dir }}/outward_rabbitmq-key.pem"
   when:
+    - not kolla_externally_managed_cert | bool
     - enable_outward_rabbitmq | bool
     - rabbitmq_enable_tls | bool
 
diff --git a/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml b/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
new file mode 100644
index 0000000000..8e8a6c275a
--- /dev/null
+++ b/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The precheck for RabbitMQ failed incorrectly when
+    ``kolla_externally_managed_cert`` was set to ``true``.
+    `LP#1999081 <https://bugs.launchpad.net/kolla-ansible/+bug/1999081>`__