From 1877ef80be1813bfea1d4213ee858fc65bd10935 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 27 Mar 2018 13:41:45 +0300
Subject: [PATCH] Default NodeTLSData to always attempt setting TLS cert

This is part of enabling TLS by default. It'll be needed in order to get
the certificate injection to work.

Needed-By: I3d3cad0eb1396e7bee146794b29badad302efdf3
Change-Id: I25e35ad1e4f12eb4cca7a0cd3e120e70e4a8c564
---
 environments/ssl/enable-tls.yaml            | 1 -
 overcloud-resource-registry-puppet.j2.yaml  | 2 +-
 puppet/extraconfig/tls/tls-cert-inject.yaml | 3 +++
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml
index e5ef8563cc..f3c5bf034c 100644
--- a/environments/ssl/enable-tls.yaml
+++ b/environments/ssl/enable-tls.yaml
@@ -20,7 +20,6 @@ parameter_defaults:
   SSLIntermediateCertificate: ''
 
   # The content of the SSL Key in PEM format.
-  # Mandatory. This parameter must be set by the user.
   # Type: string
   SSLKey: |
     The contents of the private key go here
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 54dfc41dd0..6a10edad89 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -51,7 +51,7 @@ resource_registry:
   OS::TripleO::{{role.name}}::NodeUserData: firstboot/userdata_default.yaml
 {% endfor %}
   OS::TripleO::NodeTLSCAData: OS::Heat::None
-  OS::TripleO::NodeTLSData: OS::Heat::None
+  OS::TripleO::NodeTLSData: puppet/extraconfig/tls/tls-cert-inject.yaml
   OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
   OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
 
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index d32fc62f16..652679da74 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -16,7 +16,10 @@ parameters:
     description: >
       The content of an SSL intermediate CA certificate in PEM format.
     type: string
+  # NOTE(jaosorior): Adding this default is only while we enable TLS by default
+  # for the overcloud. It'll be removed in a subsequent patch.
   SSLKey:
+    default: ''
     description: >
       The content of the SSL Key in PEM format.
     type: string