From 5f01fa1d53919ca84e35d3021729f69779547e04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Magnus=20L=C3=B6=C3=B6f?= <magnus.loof@basalt.se>
Date: Wed, 7 Dec 2022 18:44:12 +0100
Subject: [PATCH] Fix faulty precheck for RabbitMQ
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When using externally managed certificates, according to [1],
one should set `kolla_externally_managed_cert: yes` and ensure
that the certificates are in the correct place.

However, RabbitMQ precheck still expects the certificates to be
available on the controller node. This is incorrect.

Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

[1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

Closes-Bug: 1999081
Related-Bug: 1940286
Signed-off-by: Magnus Lööf <magnus.loof@basalt.se>
Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
(cherry picked from commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9)
---
 ansible/roles/rabbitmq/defaults/main.yml             | 2 ++
 ansible/roles/rabbitmq/tasks/precheck.yml            | 4 ++++
 releasenotes/notes/bug-1999081-769f1012263a48fd.yaml | 6 ++++++
 3 files changed, 12 insertions(+)
 create mode 100644 releasenotes/notes/bug-1999081-769f1012263a48fd.yaml

diff --git a/ansible/roles/rabbitmq/defaults/main.yml b/ansible/roles/rabbitmq/defaults/main.yml
index 867e6cd050..4db682d81f 100644
--- a/ansible/roles/rabbitmq/defaults/main.yml
+++ b/ansible/roles/rabbitmq/defaults/main.yml
@@ -96,3 +96,5 @@ rabbitmq_plugins:
     enabled: "{{ rabbitmq_enable_prometheus_plugin | bool }}"
 
 rabbitmq_enabled_plugins: "{{ rabbitmq_plugins | selectattr('enabled', 'equalto', true) | list }}"
+
+kolla_externally_managed_cert: False
diff --git a/ansible/roles/rabbitmq/tasks/precheck.yml b/ansible/roles/rabbitmq/tasks/precheck.yml
index 3b0b6efd8a..acf3a28789 100644
--- a/ansible/roles/rabbitmq/tasks/precheck.yml
+++ b/ansible/roles/rabbitmq/tasks/precheck.yml
@@ -87,6 +87,7 @@
   fail:
     msg: No TLS certificate provided for RabbitMQ.
   when:
+    - not kolla_externally_managed_cert | bool
     - rabbitmq_enable_tls | bool
     - cert | length == 0
 
@@ -100,6 +101,7 @@
   fail:
     msg: No TLS key provided for RabbitMQ.
   when:
+    - not kolla_externally_managed_cert | bool
     - rabbitmq_enable_tls | bool
     - key | length == 0
 
@@ -178,6 +180,7 @@
   fail:
     msg: No TLS certificate provided for outward RabbitMQ.
   when:
+    - not kolla_externally_managed_cert | bool
     - enable_outward_rabbitmq | bool
     - rabbitmq_enable_tls | bool
     - cert | length == 0
@@ -192,6 +195,7 @@
   fail:
     msg: No TLS key provided for outward RabbitMQ.
   when:
+    - not kolla_externally_managed_cert | bool
     - enable_outward_rabbitmq | bool
     - rabbitmq_enable_tls | bool
     - key | length == 0
diff --git a/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml b/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
new file mode 100644
index 0000000000..8e8a6c275a
--- /dev/null
+++ b/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The precheck for RabbitMQ failed incorrectly when
+    ``kolla_externally_managed_cert`` was set to ``true``.
+    `LP#1999081 <https://bugs.launchpad.net/kolla-ansible/+bug/1999081>`__