From d280e417eacc5ac5eaa0722d1bc2bd427dc75926 Mon Sep 17 00:00:00 2001
From: Rawa Resul <rawa.resul@ibm.com>
Date: Thu, 3 Jul 2025 15:02:57 +0100
Subject: [PATCH 1/3] [patch] Make sls_domain optional

---
 .../roles/sls/tasks/install/main.yml          | 27 +++++--------------
 .../roles/sls/templates/licenseservice.yml.j2 |  2 ++
 2 files changed, 8 insertions(+), 21 deletions(-)

diff --git a/ibm/mas_devops/roles/sls/tasks/install/main.yml b/ibm/mas_devops/roles/sls/tasks/install/main.yml
index 8c94b86379..14a80e7d22 100644
--- a/ibm/mas_devops/roles/sls/tasks/install/main.yml
+++ b/ibm/mas_devops/roles/sls/tasks/install/main.yml
@@ -166,22 +166,7 @@
     config_files: ["ibm-sls-licenseservice.yml"]
 
 
-# 6. Set up the domain name for SLS
-# -----------------------------------------------------------------------------
-- name: "Get cluster subdomain"
-  kubernetes.core.k8s_info:
-    api_version: config.openshift.io/v1
-    kind: Ingress
-    name: cluster
-  register: _cluster_subdomain
-
-- name: "Configure default domain if not set"
-  ansible.builtin.set_fact:
-    sls_domain: "{{ sls_namespace }}.{{ _cluster_subdomain.resources[0].spec.domain }}"
-  when: not sls_domain
-
-
-# 7. Install Operator & create entitlement
+# 6. Install Operator & create entitlement
 # -----------------------------------------------------------------------------
 - name: "Create IBM Entitlement Key"
   when: before_sls_380 or (artifactory_username is defined and artifactory_username != "")
@@ -201,7 +186,7 @@
   register: subscription
 
 
-# 8. Wait until the LicenseService CRD is available
+# 7. Wait until the LicenseService CRD is available
 # -----------------------------------------------------------------------------
 - name: "Wait until the LicenseService CRD is available"
   include_tasks: "{{ role_path }}/../../common_tasks/wait_for_crd.yml"
@@ -209,7 +194,7 @@
     crd_name: licenseservices.sls.ibm.com
 
 
-# 9. Create Mongo Secret
+# 8. Create Mongo Secret
 # -----------------------------------------------------------------------------
 - name: Read MongoDb config file
   ansible.builtin.set_fact:
@@ -264,7 +249,7 @@
     template: templates/mongo-secret.yml.j2
 
 
-# 10. Bootstrap the license service
+# 9. Bootstrap the license service
 # -----------------------------------------------------------------------------
 - name: Initialize Bootstrap
   when: bootstrap_mode
@@ -314,7 +299,7 @@
     - entitlement_file != ""
 
 
-# 11. Create the license service CR
+# 10. Create the license service CR
 # -----------------------------------------------------------------------------
 - name: Create the sls.ibm.com/v1.LicenseService
   kubernetes.core.k8s:
@@ -324,7 +309,7 @@
   register: sls_cr_result
 
 
-# 12. Wait for it to hit Ready
+# 11. Wait for it to hit Ready
 # -----------------------------------------------------------------------------
 - name: Verify LicenseService CR
   ansible.builtin.include_tasks: "tasks/install/sls-verify.yml"
diff --git a/ibm/mas_devops/roles/sls/templates/licenseservice.yml.j2 b/ibm/mas_devops/roles/sls/templates/licenseservice.yml.j2
index 9491e035f3..6ec59995b3 100644
--- a/ibm/mas_devops/roles/sls/templates/licenseservice.yml.j2
+++ b/ibm/mas_devops/roles/sls/templates/licenseservice.yml.j2
@@ -10,7 +10,9 @@ metadata:
 {% endfor %}
 {% endif %}
 spec:
+{% if sls_domain is defined and sls_domain != "" %}
   domain: {{ sls_domain }}
+{% endif %}
 {% if after_sls_380 and ibm_sls_licenseservice_pod_templates is defined %}
   podTemplates: {{ ibm_sls_licenseservice_pod_templates }}
 {% endif %}

From 80181539514f07a594232e3819c96ef230f008dd Mon Sep 17 00:00:00 2001
From: Rawa Resul <rawa.resul@ibm.com>
Date: Fri, 4 Jul 2025 01:46:03 +0100
Subject: [PATCH 2/3] [patch] Add various fixes

---
 .../roles/sls/tasks/gencfg/main.yml           | 97 +++++++++++--------
 .../roles/sls/tasks/install/main.yml          |  2 +-
 .../sls/templates/mongo-certificates.yml.j2   |  6 +-
 3 files changed, 60 insertions(+), 45 deletions(-)

diff --git a/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml b/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml
index cbbfb742b5..2c22a53092 100644
--- a/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml
+++ b/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml
@@ -2,47 +2,62 @@
 ###############################################################################
 #                             New / Existing SLS                              #
 ###############################################################################
+- name: Obtain sls-suite-registration ConfigMap
+  when: (sls_tls_crt is not defined or sls_tls_crt == "") or
+        (sls_registration_key is not defined or sls_registration_key == "") or
+        (sls_domain is not defined or sls_domain == "")
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: ConfigMap
+    name: "{{ sls_instance_name }}-suite-registration"
+    namespace: "{{ sls_namespace }}"
+  register: _sls_suite_registration
 
-- name: Get SLS facts
-  when:
-    - sls_url is not defined or sls_url == ""
-    - sls_registration_key is not defined or sls_registration_key == ""
-    - sls_tls_crt is not defined or sls_tls_crt == ""
-  block:
-    - name: Obtain sls-suite-registration ConfigMap
-      kubernetes.core.k8s_info:
-        api_version: v1
-        kind: ConfigMap
-        name: "sls-suite-registration"
-        namespace: "{{ sls_namespace }}"
-      register: _sls_suite_registration
-
-    - name: "Assert that SLS registrationKey has been provided"
-      ansible.builtin.assert:
-        that:
-          - _sls_suite_registration.resources[0].data['registrationKey'] is defined
-          - _sls_suite_registration.resources[0].data['registrationKey'] != ""
-        fail_msg: "registrationKey is not defined in sls-suite-registration configmap"
-
-    - name: "Assert that SLS url has been provided"
-      ansible.builtin.assert:
-        that:
-          - _sls_suite_registration.resources[0].data['url'] is defined
-          - _sls_suite_registration.resources[0].data['url'] != ""
-        fail_msg: "url is not defined in sls-suite-registration configmap"
-
-    - name: "Assert that SLS CA certificate has been provided"
-      ansible.builtin.assert:
-        that:
-          - _sls_suite_registration.resources[0].data['ca'] is defined
-          - _sls_suite_registration.resources[0].data['ca'] != ""
-        fail_msg: "ca certificate is not defined in sls-suite-registration configmap"
-
-    - name: Set facts for SLSCfg
-      ansible.builtin.set_fact:
-        sls_registration_key: "{{ _sls_suite_registration.resources[0].data['registrationKey'] }}"
-        sls_url: "{{ _sls_suite_registration.resources[0].data['url'] }}"
-        sls_tls_crt: "{{ _sls_suite_registration.resources[0].data['ca'] }}"
+- name: "Assert that SLS CA certificate has been provided"
+  when: sls_tls_crt is not defined or sls_tls_crt == ""
+  ansible.builtin.assert:
+    that:
+      - _sls_suite_registration.resources[0].data['ca'] is defined
+      - _sls_suite_registration.resources[0].data['ca'] != ""
+    fail_msg: "ca certificate is not defined in sls-suite-registration configmap"
+
+- name: Set sls_tls_crt from sls-suite-registration ConfigMap
+  when: sls_tls_crt is not defined or sls_tls_crt == ""
+  ansible.builtin.set_fact:
+    sls_tls_crt: "{{ _sls_suite_registration.resources[0].data['ca'] }}"
+
+- name: "Assert that SLS registrationKey has been provided"
+  when: sls_registration_key is not defined or sls_registration_key == ""
+  ansible.builtin.assert:
+    that:
+      - _sls_suite_registration.resources[0].data['registrationKey'] is defined
+      - _sls_suite_registration.resources[0].data['registrationKey'] != ""
+    fail_msg: "registrationKey is not defined in sls-suite-registration configmap"
+
+- name: Set sls_registration_key from sls-suite-registration ConfigMap
+  when: sls_registration_key is not defined or sls_registration_key == ""
+  ansible.builtin.set_fact:
+    sls_registration_key: "{{ _sls_suite_registration.resources[0].data['registrationKey'] }}"
+
+# When installing SLS to an existing one there is a delay when switching from
+# service url to route hence we need to take the url from the sls_domain var
+- name: Set sls_url when sls_domain is defined
+  when: sls_domain is defined and sls_domain != ""
+  ansible.builtin.set_fact:
+    sls_url: "https://{{sls_instance_name}}.{{sls_namespace}}.{{sls_domain}}"
+
+- name: "Assert that SLS url has been provided"
+  when: sls_domain is not defined or sls_domain == ""
+  ansible.builtin.assert:
+    that:
+      - _sls_suite_registration.resources[0].data['url'] is defined
+      - _sls_suite_registration.resources[0].data['url'] != ""
+    fail_msg: "url is not defined in sls-suite-registration configmap"
+
+- name: Set sls_url from sls-suite-registration ConfigMap
+  when: sls_domain is not defined or sls_domain == ""
+  ansible.builtin.set_fact:
+    sls_url: "{{ _sls_suite_registration.resources[0].data['url'] }}"
 
 
 ###############################################################################
@@ -100,7 +115,7 @@
 
 # 4. Generate SLSCfg for MAS
 # -----------------------------------------------------------------------------
-- name: Copy SLSCfg to filesytem
+- name: Copy SLSCfg to filesystem
   ansible.builtin.template:
     src: slscfg.yml.j2
     dest: "{{ mas_config_dir }}/sls.yml"
diff --git a/ibm/mas_devops/roles/sls/tasks/install/main.yml b/ibm/mas_devops/roles/sls/tasks/install/main.yml
index 14a80e7d22..8892c1fb0f 100644
--- a/ibm/mas_devops/roles/sls/tasks/install/main.yml
+++ b/ibm/mas_devops/roles/sls/tasks/install/main.yml
@@ -177,7 +177,7 @@
     artifactory_username: "{{ artifactory_username }}"
     artifactory_password: "{{ artifactory_token }}"
 
-- name: "Create ibm-mas Subscription"
+- name: "Create ibm-sls Subscription"
   ibm.mas_devops.apply_subscription:
     namespace: "{{ sls_namespace }}"
     package_name: "ibm-sls"
diff --git a/ibm/mas_devops/roles/sls/templates/mongo-certificates.yml.j2 b/ibm/mas_devops/roles/sls/templates/mongo-certificates.yml.j2
index 74ec66ae03..4578fb205a 100644
--- a/ibm/mas_devops/roles/sls/templates/mongo-certificates.yml.j2
+++ b/ibm/mas_devops/roles/sls/templates/mongo-certificates.yml.j2
@@ -1,5 +1,5 @@
-{% for certs in mongocfg[1].spec.certificates %}
-- alias: {{ certs.alias }}
+{% for cert in mongocfg[1].spec.certificates %}
+- alias: {{ cert.alias }}
   crt: |
-    {{ certs.crt | indent(4)}}
+    {{ cert.crt | indent(4)}}
 {% endfor %}

From e4255aca8dcfc1eef67b9097350fa5d1a4cd94ba Mon Sep 17 00:00:00 2001
From: Rawa Resul <rawa.resul@ibm.com>
Date: Mon, 7 Jul 2025 10:33:42 +0100
Subject: [PATCH 3/3] [ci skip] Update comment

---
 ibm/mas_devops/roles/sls/tasks/gencfg/main.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml b/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml
index 2c22a53092..06553053f5 100644
--- a/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml
+++ b/ibm/mas_devops/roles/sls/tasks/gencfg/main.yml
@@ -39,8 +39,10 @@
   ansible.builtin.set_fact:
     sls_registration_key: "{{ _sls_suite_registration.resources[0].data['registrationKey'] }}"
 
-# When installing SLS to an existing one there is a delay when switching from
-# service url to route hence we need to take the url from the sls_domain var
+# When sls_url is provided, and you run this task over an existing SLS instance that
+# has no Route (no domain field in CR), then there is a delay until the operator reconciles
+# and updates the url field in the configmap. Hence, we should not take the value from
+# the configmap as it may still hold the old value (service url instead of domain).
 - name: Set sls_url when sls_domain is defined
   when: sls_domain is defined and sls_domain != ""
   ansible.builtin.set_fact: