From 1cc4fd62ecfe819340e2399a6babc9df0856ee41 Mon Sep 17 00:00:00 2001
From: Harry Rybacki <hrybacki@redhat.com>
Date: Tue, 20 Aug 2019 18:56:51 +0000
Subject: [PATCH] Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt"

We believe this change induced a regression[1] that is further breaking TripleO TLS-Everywhere deployments. Submitting a revert patch while we investigate and work on a more robust solution.

[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1743485

This reverts commit 6839b658a4147ab56fac155b82eef94685a5e279.

Change-Id: Id6ee83f3c3f3a332009850453167c6d29dba5f4c
---
 docker/services/nova-libvirt.yaml   | 2 +-
 docker/services/nova-vnc-proxy.yaml | 2 +-
 puppet/services/nova-libvirt.yaml   | 2 +-
 puppet/services/nova-vnc-proxy.yaml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index f40c7758a1..aac9a0ed40 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -97,7 +97,7 @@ parameters:
     description: Specifies the default CA cert to use if TLS is used for
                  services in the internal network.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/ca.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtCACert:
diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml
index 1f13677eb4..052f1e37aa 100644
--- a/docker/services/nova-vnc-proxy.yaml
+++ b/docker/services/nova-vnc-proxy.yaml
@@ -50,7 +50,7 @@ parameters:
                  enable TLS transaport for libvirt VNC and configure the
                  relevant keys for libvirt.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/ca.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtVncCACert:
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 98b018f543..217c3dafed 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -88,7 +88,7 @@ parameters:
     description: Specifies the default CA cert to use if TLS is used for
                  services in the internal network.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/ca.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtCACert:
diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml
index dea5d53607..dcf0461545 100644
--- a/puppet/services/nova-vnc-proxy.yaml
+++ b/puppet/services/nova-vnc-proxy.yaml
@@ -56,7 +56,7 @@ parameters:
                  enable TLS transaport for libvirt VNC and configure the
                  relevant keys for libvirt.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/ca.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtVncCACert: