Debian reenable opentack-helm/openstack-helm-infra

Change Ifb7946e9a289234047934b52d200b951a59c1a3f was rebased wrong and intends to use an old method of building openstack-armada-app openstack-helm and openstack-helm-infrafor debian. This patch correctly applies the new patch changes. Test Plan: PASS: Centos Build (build-pkgs openstack-helm-infra openstack-helm) PASS: Debian Build (build-pkgs -p openstack-helm-infra build-pkgs -p openstack-helm) Closes-bug: 1960968 Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com> Change-Id: Ica08158dbba5a10ec7b6266b6808d22d53244095
2022-02-15 19:12:44 -03:00 · 2022-02-15 19:12:44 -03:00 · b06eb5f63a
commit b06eb5f63a
parent 27c4d562c8
9 changed files with 4607 additions and 37 deletions
--- a/openstack-helm-infra/debian/deb_folder/patches/0020-Fix-tls-in-openstack-helm-infra.patch
+++ b/openstack-helm-infra/debian/deb_folder/patches/0020-Fix-tls-in-openstack-helm-infra.patch
@ -0,0 +1,136 @@
+From d7d223ef40ab11e5c9a00b4b30000f6905885c04 Mon Sep 17 00:00:00 2001
+From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
+Date: Wed, 19 Jan 2022 11:54:38 -0300
+Subject: [PATCH] Fix Support for TLS in openstack-helm-infra
+
+WIP
+
+Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
+Change-Id: I382e0fc68c9a92c6a9570097db2c6a959525059d
+---
+ .../templates/manifests/_secret-tls.yaml.tpl  | 97 +++++++------------
+ 1 file changed, 33 insertions(+), 64 deletions(-)
+
+diff --git a/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
+index 24a70450..f34ac527 100644
+--- a/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
+@@ -15,66 +15,36 @@ limitations under the License.
+ {{/*
+ abstract: |
+   Creates a manifest for a services public tls secret
+-examples:
+-  - values: |
+-      secrets:
+-        tls:
+-          key_manager:
+-            api:
+-              public: barbican-tls-public
+-      endpoints:
+-        key_manager:
+-          host_fqdn_override:
+-            public:
+-              tls:
+-                crt: |
+-                  FOO-CRT
+-                key: |
+-                  FOO-KEY
+-                ca: |
+-                  FOO-CA_CRT
+-  usage: |
+-    {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
+-  return: |
+-    ---
+-    apiVersion: v1
+-    kind: Secret
+-    metadata:
+-      name: barbican-tls-public
+-    type: kubernetes.io/tls
+-    data:
+-      tls.key: Rk9PLUtFWQo=
+-      tls.crt: Rk9PLUNSVAoKRk9PLUNBX0NSVAo=
+-
+-  - values: |
+-      secrets:
+-        tls:
+-          key_manager:
+-            api:
+-              public: barbican-tls-public
+-      endpoints:
+-        key_manager:
+-          host_fqdn_override:
+-            public:
+-              tls:
+-                crt: |
+-                  FOO-CRT
+-                  FOO-INTERMEDIATE_CRT
+-                  FOO-CA_CRT
+-                key: |
+-                  FOO-KEY
+-  usage: |
+-    {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
+-  return: |
+-    ---
+-    apiVersion: v1
+-    kind: Secret
+-    metadata:
+-      name: barbican-tls-public
+-    type: kubernetes.io/tls
+-    data:
+-      tls.key: Rk9PLUtFWQo=
+-      tls.crt: Rk9PLUNSVApGT08tSU5URVJNRURJQVRFX0NSVApGT08tQ0FfQ1JUCg==
+values: |
+  secrets:
+    tls:
+      key_manager:
+        api:
+          public: barbican-tls-public
+  endpoints:
+    key_manager:
+      host_fqdn_override:
+        public:
+          tls:
+            crt: |
+              FOO-CRT
+            key: |
+              FOO-KEY
+            ca: |
+              FOO-CA_CRT
+usage: |
+  {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
+return: |
+  ---
+  apiVersion: v1
+  kind: Secret
+  metadata:
+    name: barbican-tls-public
+  type: kubernetes.io/tls
+  data:
+    tls.crt: Rk9PLUNSVAo=
+    tls.key: Rk9PLUtFWQo=
+    ca.crt: Rk9PLUNBX0NSVAo=
+ */}}
+ 
+ {{- define "helm-toolkit.manifests.secret_ingress_tls" }}
+@@ -95,14 +65,13 @@ metadata:
+   name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
+ type: kubernetes.io/tls
+ data:
+  tls.crt: {{ $endpointHost.tls.crt | b64enc }}
+   tls.key: {{ $endpointHost.tls.key | b64enc }}
+ {{- if $endpointHost.tls.ca }}
+-  tls.crt: {{ list $endpointHost.tls.crt $endpointHost.tls.ca | join "\n" | b64enc }}
+-{{- else }}
+-  tls.crt: {{ $endpointHost.tls.crt | b64enc }}
+-{{- end }}
+  ca.crt: {{ $endpointHost.tls.ca | b64enc }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+\ No newline at end of file
+-- 
+2.17.1
+
--- a/openstack-helm-infra/debian/deb_folder/patches/0021-Remove-mariadb-tls.patch
+++ b/openstack-helm-infra/debian/deb_folder/patches/0021-Remove-mariadb-tls.patch
@ -0,0 +1,191 @@
+From 6fa2814271b7806aece4fb44f6d8eabe8c5ab6aa Mon Sep 17 00:00:00 2001
+From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
+Date: Tue, 8 Feb 2022 09:18:02 -0300
+Subject: [PATCH 21/22] Remove mariadb
+
+Change-Id: I37405da8faab3495ebe55c81389e0d769aaeb1d1
+---
+ .../templates/manifests/_job-db-drop-mysql.tpl     |  7 -------
+ .../templates/manifests/_job-db-init-mysql.tpl     |  7 -------
+ helm-toolkit/templates/manifests/_job-db-sync.tpl  |  3 ---
+ helm-toolkit/templates/scripts/_db-drop.py.tpl     | 11 ++---------
+ helm-toolkit/templates/scripts/_db-init.py.tpl     | 14 ++++----------
+ 5 files changed, 6 insertions(+), 36 deletions(-)
+
+diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+index 934a2435..8ae71c67 100644
+--- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+@@ -37,7 +37,6 @@ limitations under the License.
+ {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
+ {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
+ {{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+-{{- $dbAdminTlsSecret := index . "dbAdminTlsSecret" | default "" -}}
+ 
+ {{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-drop" }}
+ {{ tuple $envAll "db_drop" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+@@ -133,9 +132,6 @@ spec:
+               subPath: {{ base $dbToDrop.logConfigFile | quote }}
+               readOnly: true
+ {{- end }}
+-{{- if $envAll.Values.manifests.certificates }}
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+-{{- end }}
+ {{- end }}
+       volumes:
+         - name: pod-tmp
+@@ -150,9 +146,6 @@ spec:
+             name: {{ $configMapBin | quote }}
+             defaultMode: 0555
+ {{- end }}
+-{{- if $envAll.Values.manifests.certificates }}
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+-{{- end }}
+ {{- $local := dict "configMapBinFirst" true -}}
+ {{- range $key1, $dbToDrop := $dbsToDrop }}
+ {{- $dbToDropType := default "oslo" $dbToDrop.inputType }}
+diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+index c164ad0a..dcfbb35f 100644
+--- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+@@ -37,7 +37,6 @@ limitations under the License.
+ {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
+ {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
+ {{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+-{{- $dbAdminTlsSecret := index . "dbAdminTlsSecret" | default "" -}}
+ 
+ {{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-init" }}
+ {{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+@@ -132,9 +131,6 @@ spec:
+               subPath: {{ base $dbToInit.logConfigFile | quote }}
+               readOnly: true
+ {{- end }}
+-{{- if $envAll.Values.manifests.certificates }}
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+-{{- end }}
+ {{- end }}
+       volumes:
+         - name: pod-tmp
+@@ -149,9 +145,6 @@ spec:
+             name: {{ $configMapBin | quote }}
+             defaultMode: 0555
+ {{- end }}
+-{{- if $envAll.Values.manifests.certificates }}
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+-{{- end }}
+ {{- $local := dict "configMapBinFirst" true -}}
+ {{- range $key1, $dbToInit := $dbsToInit }}
+ {{- $dbToInitType := default "oslo" $dbToInit.inputType }}
+diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl
+index 659238a4..f181061f 100644
+--- a/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl
+@@ -34,7 +34,6 @@ limitations under the License.
+ {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
+ {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
+ {{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+-{{- $dbAdminTlsSecret := index . "dbAdminTlsSecret" | default "" -}}
+ 
+ {{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-sync" }}
+ {{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+@@ -106,7 +105,6 @@ spec:
+               mountPath: {{ $dbToSync.logConfigFile | quote }}
+               subPath: {{ base $dbToSync.logConfigFile | quote }}
+               readOnly: true
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+ {{- if $podVolMounts }}
+ {{ $podVolMounts | toYaml | indent 12 }}
+ {{- end }}
+@@ -129,7 +127,6 @@ spec:
+           secret:
+             secretName: {{ $configMapEtc | quote }}
+             defaultMode: 0444
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+ {{- if $podVols }}
+ {{ $podVols | toYaml | indent 8 }}
+ {{- end }}
+diff --git a/helm-toolkit/templates/scripts/_db-drop.py.tpl b/helm-toolkit/templates/scripts/_db-drop.py.tpl
+index 03884fa1..81447546 100644
+--- a/helm-toolkit/templates/scripts/_db-drop.py.tpl
+++ b/helm-toolkit/templates/scripts/_db-drop.py.tpl
+@@ -54,13 +54,6 @@ else:
+     logger.critical('environment variable ROOT_DB_CONNECTION not set')
+     sys.exit(1)
+ 
+-mysql_x509 = os.getenv('MARIADB_X509', "")
+-ssl_args = {}
+-if mysql_x509:
+-    ssl_args = {'ssl': {'ca': '/etc/mysql/certs/ca.crt',
+-                        'key': '/etc/mysql/certs/tls.key',
+-                        'cert': '/etc/mysql/certs/tls.crt'}}
+-
+ # Get the connection string for the service db
+ if "OPENSTACK_CONFIG_FILE" in os.environ:
+     os_conf = os.environ['OPENSTACK_CONFIG_FILE']
+@@ -101,7 +94,7 @@ try:
+     host = root_engine_full.url.host
+     port = root_engine_full.url.port
+     root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
+-    root_engine = create_engine(root_engine_url, connect_args=ssl_args)
+    root_engine = create_engine(root_engine_url)
+     connection = root_engine.connect()
+     connection.close()
+     logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
+@@ -112,7 +105,7 @@ except:
+ 
+ # User DB engine
+ try:
+-    user_engine = create_engine(user_db_conn, connect_args=ssl_args)
+    user_engine = create_engine(user_db_conn)
+     # Get our user data out of the user_engine
+     database = user_engine.url.database
+     user = user_engine.url.username
+diff --git a/helm-toolkit/templates/scripts/_db-init.py.tpl b/helm-toolkit/templates/scripts/_db-init.py.tpl
+index 4294d40c..9671b734 100644
+--- a/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/helm-toolkit/templates/scripts/_db-init.py.tpl
+@@ -54,12 +54,6 @@ else:
+     logger.critical('environment variable ROOT_DB_CONNECTION not set')
+     sys.exit(1)
+ 
+-mysql_x509 = os.getenv('MARIADB_X509', "")
+-ssl_args = {}
+-if mysql_x509:
+-    ssl_args = {'ssl': {'ca': '/etc/mysql/certs/ca.crt',
+-                'key': '/etc/mysql/certs/tls.key',
+-                'cert': '/etc/mysql/certs/tls.crt'}}
+ 
+ # Get the connection string for the service db
+ if "OPENSTACK_CONFIG_FILE" in os.environ:
+@@ -101,7 +95,7 @@ try:
+     host = root_engine_full.url.host
+     port = root_engine_full.url.port
+     root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
+-    root_engine = create_engine(root_engine_url, connect_args=ssl_args)
+    root_engine = create_engine(root_engine_url)
+     connection = root_engine.connect()
+     connection.close()
+     logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
+@@ -112,7 +106,7 @@ except:
+ 
+ # User DB engine
+ try:
+-    user_engine = create_engine(user_db_conn, connect_args=ssl_args)
+    user_engine = create_engine(user_db_conn)
+     # Get our user data out of the user_engine
+     database = user_engine.url.database
+     user = user_engine.url.username
+@@ -133,8 +127,8 @@ except:
+ # Create DB User
+ try:
+     root_engine.execute(
+-        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
+-            database, user, password, mysql_x509))
+        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format(
+            database, user, password))
+     logger.info("Created user {0} for {1}".format(user, database))
+ except:
+     logger.critical("Could not create user {0} for {1}".format(user, database))
+-- 
+2.17.1
+
--- a/openstack-helm-infra/debian/deb_folder/patches/0022-Remove-rabbitmq-tls.patch
+++ b/openstack-helm-infra/debian/deb_folder/patches/0022-Remove-rabbitmq-tls.patch
@ -0,0 +1,91 @@
+From 4b2cc6a3c4b9af9dd2688d52b493828cef97cdb6 Mon Sep 17 00:00:00 2001
+From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
+Date: Tue, 8 Feb 2022 09:20:36 -0300
+Subject: [PATCH 22/22] remove rabbit tls
+
+Change-Id: I04c4c25c72b10b87e71c2f286e21526e5e062b67
+---
+ .../templates/manifests/_job-rabbit-init.yaml.tpl | 15 ---------------
+ .../templates/scripts/_rabbit-init.sh.tpl         | 15 ---------------
+ 2 files changed, 30 deletions(-)
+
+diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
+index 59e0da0f..b776d055 100644
+--- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
+@@ -25,9 +25,6 @@ limitations under the License.
+ {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
+ {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
+ {{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
+-{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+-{{- $tlsPath := index . "tlsPath" | default "/etc/rabbitmq/certs" -}}
+-{{- $tlsSecret := index . "tlsSecret" | default "" -}}
+ 
+ {{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "rabbit-init" }}
+ {{ tuple $envAll "rabbit_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+@@ -85,9 +82,6 @@ spec:
+               mountPath: /tmp/rabbit-init.sh
+               subPath: rabbit-init.sh
+               readOnly: true
+-{{- if $envAll.Values.manifests.certificates }}
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $tlsSecret "path" $tlsPath | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+-{{- end }}
+           env:
+           - name: RABBITMQ_ADMIN_CONNECTION
+             valueFrom:
+@@ -102,12 +96,6 @@ spec:
+ {{- if $envAll.Values.conf.rabbitmq }}
+           - name: RABBITMQ_AUXILIARY_CONFIGURATION
+             value: {{ toJson $envAll.Values.conf.rabbitmq | quote }}
+-{{- end }}
+-{{- if and $envAll.Values.manifests.certificates (ne $tlsSecret "") }}
+-          - name: RABBITMQ_X509
+-            value: "REQUIRE X509"
+-          - name: USER_CERT_PATH
+-            value: {{ $tlsPath | quote }}
+ {{- end }}
+       volumes:
+         - name: pod-tmp
+@@ -122,7 +110,4 @@ spec:
+             name: {{ $configMapBin | quote }}
+             defaultMode: 0555
+ {{- end }}
+-{{- if $envAll.Values.manifests.certificates }}
+-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+-{{- end }}
+ {{- end -}}
+diff --git a/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+index 87872d6f..7fb16a0f 100644
+--- a/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+++ b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+@@ -47,27 +47,12 @@ RABBITMQ_VHOST=$(echo "${RABBITMQ_USER_CONNECTION}" | \
+ RABBITMQ_VHOST="${RABBITMQ_VHOST:-/}"
+ 
+ function rabbitmqadmin_cli () {
+-  if [ -n "$RABBITMQ_X509" ]
+-  then
+     rabbitmqadmin \
+-      --ssl \
+-      --ssl-disable-hostname-verification \
+-      --ssl-ca-cert-file="${USER_CERT_PATH}/ca.crt" \
+-      --ssl-cert-file="${USER_CERT_PATH}/tls.crt" \
+-      --ssl-key-file="${USER_CERT_PATH}/tls.key" \
+       --host="${RABBIT_HOSTNAME}" \
+       --port="${RABBIT_PORT}" \
+       --username="${RABBITMQ_ADMIN_USERNAME}" \
+       --password="${RABBITMQ_ADMIN_PASSWORD}" \
+       ${@}
+-  else
+-    rabbitmqadmin \
+-      --host="${RABBIT_HOSTNAME}" \
+-      --port="${RABBIT_PORT}" \
+-      --username="${RABBITMQ_ADMIN_USERNAME}" \
+-      --password="${RABBITMQ_ADMIN_PASSWORD}" \
+-      ${@}
+-  fi
+ }
+ 
+ echo "Managing: User: ${RABBITMQ_USERNAME}"
+-- 
+2.17.1
+
--- a/openstack-helm-infra/debian/deb_folder/patches/series
+++ b/openstack-helm-infra/debian/deb_folder/patches/series
@ -11,3 +11,6 @@
 0017-Enable-taint-toleration-for-Openstack-services.patch
 0018-Add-GaleraDB-Secure-Replica-Traffic.patch
 0019-Add-force_boot-command-to-rabbit-start-template.patch
+0020-Fix-tls-in-openstack-helm-infra.patch
+0021-Remove-mariadb-tls.patch
+0022-Remove-rabbitmq-tls.patch
--- a/openstack-helm-infra/debian/deb_folder/rules
+++ b/openstack-helm-infra/debian/deb_folder/rules
@ -8,25 +8,6 @@ export HELM_FOLDER = $(ROOT)/usr/lib/helm
 	dh $@

 override_dh_auto_build:
-	# Move the source files from the extracted root directory to build root.
-	mv openstack-helm-infra/* .
-	# Apply the openstack-helm-infra patches.
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0001-Add-imagePullSecrets-in-service-account.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0003-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0004-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0005-Add-io_thread_pool-for-rabbitmq.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0006-Enable-override-of-rabbitmq-probe-parameters.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0009-Enable-override-of-mariadb-server-probe-parameters.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0011-Add-mariadb-database-config-override-to-support-ipv6.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0012-enable-Values.conf.database.config_override-for-mari.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0013-Allow-set-public-endpoint-url-for-all-openstack-types.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0016-Disabling-helm3_hooks.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0017-Enable-taint-toleration-for-Openstack-services.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0018-Add-GaleraDB-Secure-Replica-Traffic.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0019-Add-force_boot-command-to-rabbit-start-template.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0020-Fix-tls-in-openstack-helm-infra.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0021-Remove-mariadb-tls.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0022-Remove-rabbitmq-tls.patch
 	# Host a server for the helm charts.
 	chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." &
 	sleep 2
--- a/openstack-helm/debian/deb_folder/patches/0013-Remove-TLS-from-openstack-services.patch
+++ b/openstack-helm/debian/deb_folder/patches/0013-Remove-TLS-from-openstack-services.patch
--- a/openstack-helm/debian/deb_folder/patches/0014-Remove-mariadb-and-rabbit-tls.patch
+++ b/openstack-helm/debian/deb_folder/patches/0014-Remove-mariadb-and-rabbit-tls.patch
--- a/openstack-helm/debian/deb_folder/patches/series
+++ b/openstack-helm/debian/deb_folder/patches/series
@ -9,4 +9,6 @@
 0009-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
 0010-Enable-taint-toleration-for-Openstack-services.patch
 0011-Fix-nova-compute-ssh-init-to-execute-as-runAsUser.patch
-0012-Replace-deprecated-Nova-VNC-configurations.patch
+0012-Replace-deprecated-Nova-VNC-configurations.patch
+0013-Remove-TLS-from-openstack-services.patch
+0014-Remove-mariadb-and-rabbit-tls.patch
--- a/openstack-helm/debian/deb_folder/rules
+++ b/openstack-helm/debian/deb_folder/rules
@ -11,25 +11,8 @@ export TOOLKIT_VERSION = 0.2.19
 	dh $@

 override_dh_auto_build:
-	# Move the source files from the extracted root directory to build root.
-	mv openstack-helm/* .
 	# Stage helm-toolkit in the local repo.
 	cp $(HELM_FOLDER)/helm-toolkit-$(TOOLKIT_VERSION).tgz .
-	# Apply the openstack-helm patches.
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0001-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0002-Nova-console-ip-address-search-optionality.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0003-Nova-chart-Support-ephemeral-pool-creation.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0004-Support-ingress-creation-for-keystone-admin-endpoint.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0005-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0006-Wrong-usage-of-rbd_store_chunk_size.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0007-Add-stx_admin-account.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0008-Disabling-helm3_hook.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0009-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0010-Enable-taint-toleration-for-Openstack-services.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0011-Fix-nova-compute-ssh-init-to-execute-as-runAsUser.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0012-Replace-deprecated-Nova-VNC-configurations.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0013-Remove-TLS-from-openstack-services.patch
-	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0014-Remove-mariadb-and-rabbit-tls.patch
 	# Host a server for the helm charts.
 	chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" \
 		--storage-local-rootdir="." &