Add parameter to specify ca_cert

When generating system certificates, the templates set the values of InternalTLSCAFile and PublicTLSCAFile to the file path for the local CA cert created by certmonger. This value is invalid for an IPA generated certs. This patch sets these values correctly to the default IPA CA cert location (/etc/ipa/ca.crt) Change-Id: Iad3a51bc853d3e868fd38dbeca8c20dd32725723
2021-03-02 00:23:53 -05:00 · 2021-03-02 00:23:53 -05:00 · 2d26e81926
parent 92b12c7213
commit 2d26e81926
1 changed files with 3 additions and 0 deletions
--- a/tripleoclient/v1/undercloud_config.py
+++ b/tripleoclient/v1/undercloud_config.py
@ -691,6 +691,9 @@ def prepare_undercloud_deploy(upgrade=False, no_validations=True,
        deploy_args += ['-e', os.path.join(
            tht_templates,
            "environments/public-tls-undercloud.yaml")]
+        if CONF.get('certificate_generation_ca') == 'IPA':
+            env_data['InternalTLSCAFile'] = '/etc/ipa/ca.crt'
+            env_data['PublicTLSCAFile'] = '/etc/ipa/ca.crt'
    else:
        deploy_args += ['-e', os.path.join(
            tht_templates,