From 7f8b87a90ad202f7f295196743d4efb7a5fb8f7e Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Thu, 23 Jan 2020 16:42:34 -0500
Subject: [PATCH] Always set hieradata for certmonger_ca
In commit 37a339d2b0f0282bf1bac96587b10ca61868cec5 , the hieradata parameter certmonger_ca was set to only be set when internal_tls was enabled. This breaks cert issuance by an non-local certmonger CA when the issuing the haproxy cert on the undercloud eg. issuing this cert by IPA, which relies on this hieradata being set. There is no reason to restrict this data from being set, and doing so fixes the problem. (rhbz#1793975) The remaining data should be set only when internal_tls is enabled.
Change-Id: If3e3870dd7bd087984e433f7aa832d1bb0ac5b2b
Fixes-Bug: 1860718
(cherry picked from commit ed7d687398e3befe99d12e7ac432e412104080a6)
---
 .../certs/certmonger-user-baremetal-puppet.yaml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/deployment/certs/certmonger-user-baremetal-puppet.yaml b/deployment/certs/certmonger-user-baremetal-puppet.yaml
index ba9a488a30..b5fb97bdae 100644
--- a/deployment/certs/certmonger-user-baremetal-puppet.yaml
+++ b/deployment/certs/certmonger-user-baremetal-puppet.yaml
@@ -62,12 +62,13 @@ outputs:
 value:
 service_name: certmonger_user
 config_settings:
- if:
- - internal_tls_enabled
- - tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
- certmonger_ca: {get_param: CertmongerCA}
- certmonger_ca_vnc: {get_param: CertmongerVncCA}
- certmonger_ca_qemu: {get_param: CertmongerQemuCA}
- - {}
+ map_merge:
+ - certmonger_ca: {get_param: CertmongerCA}
+ - if:
+ - internal_tls_enabled
+ - tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
+ certmonger_ca_vnc: {get_param: CertmongerVncCA}
+ certmonger_ca_qemu: {get_param: CertmongerQemuCA}
+ - {}
 step_config: |
 include ::tripleo::profile::base::certmonger_user
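Review bot: The now-unconditional `certmonger_ca` entry under `map_merge` has no comment saying why it must stay outside the `internal_tls_enabled` branch. The commit message shows an earlier change already moved it inside that branch and broke issuance of the undercloud haproxy certificate by a non-local CA such as IPA. A comment above the entry, e.g. `# Always set: certificates may be requested from a non-local CA (e.g. IPA) even when internal TLS is disabled`, would keep a later refactor from re-gating it. `tripleo::certmonger::ca::crl::crl_source` stays inside the conditional, so with internal TLS disabled this template sets the CA but no CRL source; whether revocation data is needed for certificates issued in that mode is not visible here and is worth confirming. The enclosing `outputs` mapping begins above the hunk and `step_config` continues below it.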