Fix faulty precheck for RabbitMQ
When using externally managed certificates, according to [1], one should set `kolla_externally_managed_cert: yes` and ensure that the certificates are in the correct place. However, RabbitMQ precheck still expects the certificates to be available on the controller node. This is incorrect. Fix by not running the tasks in question when `kolla_externally_managed_cert: yes` [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html Closes-Bug: 1999081 Related-Bug: 1940286 Signed-off-by: Magnus Lööf <magnus.loof@basalt.se> Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
This commit is contained in:
parent
557b1272ff
commit
fdacf9d1d9
@ -125,3 +125,5 @@ rabbitmq_feature_flags:
|
|||||||
- "virtual_host_metadata"
|
- "virtual_host_metadata"
|
||||||
- "maintenance_mode_status"
|
- "maintenance_mode_status"
|
||||||
- "user_limits"
|
- "user_limits"
|
||||||
|
|
||||||
|
kolla_externally_managed_cert: False
|
||||||
|
@ -88,6 +88,7 @@
|
|||||||
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
|
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
|
||||||
- "{{ kolla_certificates_dir }}/rabbitmq-cert.pem"
|
- "{{ kolla_certificates_dir }}/rabbitmq-cert.pem"
|
||||||
when:
|
when:
|
||||||
|
- not kolla_externally_managed_cert | bool
|
||||||
- rabbitmq_enable_tls | bool
|
- rabbitmq_enable_tls | bool
|
||||||
|
|
||||||
- name: Check if TLS key exists for RabbitMQ
|
- name: Check if TLS key exists for RabbitMQ
|
||||||
@ -101,6 +102,7 @@
|
|||||||
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
|
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
|
||||||
- "{{ kolla_certificates_dir }}/rabbitmq-key.pem"
|
- "{{ kolla_certificates_dir }}/rabbitmq-key.pem"
|
||||||
when:
|
when:
|
||||||
|
- not kolla_externally_managed_cert | bool
|
||||||
- rabbitmq_enable_tls | bool
|
- rabbitmq_enable_tls | bool
|
||||||
|
|
||||||
- name: Checking free port for outward RabbitMQ
|
- name: Checking free port for outward RabbitMQ
|
||||||
@ -179,6 +181,7 @@
|
|||||||
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
|
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
|
||||||
- "{{ kolla_certificates_dir }}/outward_rabbitmq-cert.pem"
|
- "{{ kolla_certificates_dir }}/outward_rabbitmq-cert.pem"
|
||||||
when:
|
when:
|
||||||
|
- not kolla_externally_managed_cert | bool
|
||||||
- enable_outward_rabbitmq | bool
|
- enable_outward_rabbitmq | bool
|
||||||
- rabbitmq_enable_tls | bool
|
- rabbitmq_enable_tls | bool
|
||||||
|
|
||||||
@ -193,6 +196,7 @@
|
|||||||
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
|
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
|
||||||
- "{{ kolla_certificates_dir }}/outward_rabbitmq-key.pem"
|
- "{{ kolla_certificates_dir }}/outward_rabbitmq-key.pem"
|
||||||
when:
|
when:
|
||||||
|
- not kolla_externally_managed_cert | bool
|
||||||
- enable_outward_rabbitmq | bool
|
- enable_outward_rabbitmq | bool
|
||||||
- rabbitmq_enable_tls | bool
|
- rabbitmq_enable_tls | bool
|
||||||
|
|
||||||
|
6
releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
Normal file
6
releasenotes/notes/bug-1999081-769f1012263a48fd.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
The precheck for RabbitMQ failed incorrectly when
|
||||||
|
``kolla_externally_managed_cert`` was set to ``true``.
|
||||||
|
`LP#1999081 <https://bugs.launchpad.net/kolla-ansible/+bug/1999081>`__
|
Loading…
Reference in New Issue
Block a user