From cf903b9a98d832333b06d6e6f476aac925efb2ad Mon Sep 17 00:00:00 2001
From: Matus Jenca <matus.jenca@dnation.cloud>
Date: Mon, 15 Apr 2024 17:01:54 +0200
Subject: [PATCH] Patch service-cert-copy role to be used w/o HAProxy

Currently, service-cert-copy role used to copy certs and CA
into containers has 'when' statements  that check if HAProxy is
defined and enabled for the service. However, some services like
RabbitMQ, ProxySQL or Redis don't use HAProxy

This patch removes the when condition, as it is not necessary.

PartiallyImplements: mariadb-ssl
Change-Id: I8864e05212e0ed76ea3a0108b00ed9dd04b1a697
---
 ansible/roles/service-cert-copy/tasks/main.yml         | 10 ----------
 ...ice-cert-copy-without-haproxy-85d45834469aa9e8.yaml |  6 ++++++
 2 files changed, 6 insertions(+), 10 deletions(-)
 create mode 100644 releasenotes/notes/service-cert-copy-without-haproxy-85d45834469aa9e8.yaml

diff --git a/ansible/roles/service-cert-copy/tasks/main.yml b/ansible/roles/service-cert-copy/tasks/main.yml
index 2e4b8be089..27f5c20703 100644
--- a/ansible/roles/service-cert-copy/tasks/main.yml
+++ b/ansible/roles/service-cert-copy/tasks/main.yml
@@ -24,11 +24,6 @@
     dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-cert.pem"
     mode: "0644"
   become: true
-  when:
-    - item.value.haproxy is defined
-    - item.value.haproxy.values() | selectattr('enabled', 'defined') | map(attribute='enabled') | map('bool') | select | list | length > 0
-    - item.value.haproxy.values() | selectattr('tls_backend', 'defined') | map(attribute='tls_backend') | map('bool') | select | list | length > 0
-    - not kolla_externally_managed_cert | bool
   with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
   notify:
     - "Restart {{ item.key }} container"
@@ -46,11 +41,6 @@
     dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-key.pem"
     mode: "0600"
   become: true
-  when:
-    - item.value.haproxy is defined
-    - item.value.haproxy.values() | selectattr('enabled', 'defined') | map(attribute='enabled') | map('bool') | select | list | length > 0
-    - item.value.haproxy.values() | selectattr('tls_backend', 'defined') | map(attribute='tls_backend') | map('bool') | select | list | length > 0
-    - not kolla_externally_managed_cert | bool
   with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
   notify:
     - "Restart {{ item.key }} container"
diff --git a/releasenotes/notes/service-cert-copy-without-haproxy-85d45834469aa9e8.yaml b/releasenotes/notes/service-cert-copy-without-haproxy-85d45834469aa9e8.yaml
new file mode 100644
index 0000000000..cd05d366a2
--- /dev/null
+++ b/releasenotes/notes/service-cert-copy-without-haproxy-85d45834469aa9e8.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Implements service-cert-copy role being able to
+    copy certs to non-HAProxy container.
+    `Partial Blueprint mariadb-ssl-support <https://blueprints.launchpad.net/kolla-ansible/+spec/mariadb-ssl-support>`