Add parameter to specify ca_cert
When generating system certificates, the templates set the values of InternalTLSCAFile and PublicTLSCAFile to the file path for the local CA cert created by certmonger. This value is invalid for an IPA generated certs. This patch sets these values correctly to the default IPA CA cert location (/etc/ipa/ca.crt) Change-Id: Iad3a51bc853d3e868fd38dbeca8c20dd32725723
This commit is contained in:
parent
92b12c7213
commit
2d26e81926
|
@ -691,6 +691,9 @@ def prepare_undercloud_deploy(upgrade=False, no_validations=True,
|
|||
deploy_args += ['-e', os.path.join(
|
||||
tht_templates,
|
||||
"environments/public-tls-undercloud.yaml")]
|
||||
if CONF.get('certificate_generation_ca') == 'IPA':
|
||||
env_data['InternalTLSCAFile'] = '/etc/ipa/ca.crt'
|
||||
env_data['PublicTLSCAFile'] = '/etc/ipa/ca.crt'
|
||||
else:
|
||||
deploy_args += ['-e', os.path.join(
|
||||
tht_templates,
|
||||
|
|
Loading…
Reference in New Issue