Fix faulty precheck for RabbitMQ

When using externally managed certificates, according to [1], one should set `kolla_externally_managed_cert: yes` and ensure that the certificates are in the correct place. However, RabbitMQ precheck still expects the certificates to be available on the controller node. This is incorrect. Fix by not running the tasks in question when `kolla_externally_managed_cert: yes` [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html Closes-Bug: 1999081 Related-Bug: 1940286 Signed-off-by: Magnus Lööf <magnus.loof@basalt.se> Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808 (cherry picked from commit fdacf9d1d9)
2022-12-07 18:44:12 +01:00 · 2022-12-07 18:44:12 +01:00 · 5f01fa1d53
parent 6028760113
commit 5f01fa1d53
3 changed files with 12 additions and 0 deletions
--- a/ansible/roles/rabbitmq/defaults/main.yml
+++ b/ansible/roles/rabbitmq/defaults/main.yml
@ -96,3 +96,5 @@ rabbitmq_plugins:
    enabled: "{{ rabbitmq_enable_prometheus_plugin | bool }}"

 rabbitmq_enabled_plugins: "{{ rabbitmq_plugins | selectattr('enabled', 'equalto', true) | list }}"
+
+kolla_externally_managed_cert: False
--- a/ansible/roles/rabbitmq/tasks/precheck.yml
+++ b/ansible/roles/rabbitmq/tasks/precheck.yml
@ -87,6 +87,7 @@
  fail:
    msg: No TLS certificate provided for RabbitMQ.
  when:
+    - not kolla_externally_managed_cert | bool
    - rabbitmq_enable_tls | bool
    - cert | length == 0

@ -100,6 +101,7 @@
  fail:
    msg: No TLS key provided for RabbitMQ.
  when:
+    - not kolla_externally_managed_cert | bool
    - rabbitmq_enable_tls | bool
    - key | length == 0

@ -178,6 +180,7 @@
  fail:
    msg: No TLS certificate provided for outward RabbitMQ.
  when:
+    - not kolla_externally_managed_cert | bool
    - enable_outward_rabbitmq | bool
    - rabbitmq_enable_tls | bool
    - cert | length == 0
@ -192,6 +195,7 @@
  fail:
    msg: No TLS key provided for outward RabbitMQ.
  when:
+    - not kolla_externally_managed_cert | bool
    - enable_outward_rabbitmq | bool
    - rabbitmq_enable_tls | bool
    - key | length == 0
--- a/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
+++ b/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The precheck for RabbitMQ failed incorrectly when
+    ``kolla_externally_managed_cert`` was set to ``true``.
+    `LP#1999081 <https://bugs.launchpad.net/kolla-ansible/+bug/1999081>`__