Fix faulty precheck for RabbitMQ

When using externally managed certificates, according to [1], one should set `kolla_externally_managed_cert: yes` and ensure that the certificates are in the correct place. However, RabbitMQ precheck still expects the certificates to be available on the controller node. This is incorrect. Fix by not running the tasks in question when `kolla_externally_managed_cert: yes` [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html Closes-Bug: 1999081 Related-Bug: 1940286 Signed-off-by: Magnus Lööf <magnus.loof@basalt.se> Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
2022-12-07 18:44:12 +01:00 · 2022-12-07 18:44:12 +01:00 · fdacf9d1d9
parent 557b1272ff
commit fdacf9d1d9
3 changed files with 12 additions and 0 deletions
--- a/ansible/roles/rabbitmq/defaults/main.yml
+++ b/ansible/roles/rabbitmq/defaults/main.yml
@ -125,3 +125,5 @@ rabbitmq_feature_flags:
  - "virtual_host_metadata"
  - "maintenance_mode_status"
  - "user_limits"
+
+kolla_externally_managed_cert: False
--- a/ansible/roles/rabbitmq/tasks/precheck.yml
+++ b/ansible/roles/rabbitmq/tasks/precheck.yml
@ -88,6 +88,7 @@
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
      - "{{ kolla_certificates_dir }}/rabbitmq-cert.pem"
  when:
+    - not kolla_externally_managed_cert | bool
    - rabbitmq_enable_tls | bool

 - name: Check if TLS key exists for RabbitMQ
@ -101,6 +102,7 @@
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
      - "{{ kolla_certificates_dir }}/rabbitmq-key.pem"
  when:
+    - not kolla_externally_managed_cert | bool
    - rabbitmq_enable_tls | bool

 - name: Checking free port for outward RabbitMQ
@ -179,6 +181,7 @@
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
      - "{{ kolla_certificates_dir }}/outward_rabbitmq-cert.pem"
  when:
+    - not kolla_externally_managed_cert | bool
    - enable_outward_rabbitmq | bool
    - rabbitmq_enable_tls | bool

@ -193,6 +196,7 @@
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
      - "{{ kolla_certificates_dir }}/outward_rabbitmq-key.pem"
  when:
+    - not kolla_externally_managed_cert | bool
    - enable_outward_rabbitmq | bool
    - rabbitmq_enable_tls | bool

--- a/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
+++ b/releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The precheck for RabbitMQ failed incorrectly when
+    ``kolla_externally_managed_cert`` was set to ``true``.
+    `LP#1999081 <https://bugs.launchpad.net/kolla-ansible/+bug/1999081>`__