TLS everywhere: Configure CA for mongodb

It wasn't being configured, thus making mongodb fail. Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84 Closes-Bug: #1710162
2017-08-11 16:07:13 +03:00 · 2017-08-11 16:07:13 +03:00 · 0d8a3399eb
commit 0d8a3399eb
parent 4e5ba44218
1 changed files with 6 additions and 0 deletions
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@ -47,6 +47,11 @@ parameters:
  EnableInternalTLS:
    type: boolean
    default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.

 conditions:

@ -98,6 +103,7 @@ outputs:
                generate_service_certificates: true
                mongodb::server::ssl: true
                mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+                mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
                mongodb_certificate_specs:
                  service_pem: '/etc/pki/tls/certs/mongodb.pem'
                  service_certificate: '/etc/pki/tls/certs/mongodb.crt'