From 80537150ae5f2ffac0b45df8dbeb50b9b30ab04d Mon Sep 17 00:00:00 2001 From: Rabi Mishra Date: Wed, 3 Jun 2020 06:52:29 +0530 Subject: [PATCH] Use empty string for overcloud InternalTLSCAFile param Not all deployments have the file in the current default location and rather use trusted certs for public tls. This also creates issues in downstream jobs that don't inject overcloud ca with environment/inject-trust-anchor.yaml This default will ensure that it works in those scenarios. Change-Id: Ib71c3e2be2b8dc57f3c9107c6ddab47cd6594202 Related-Bug: #1880936 (cherry picked from commit cf5382daf799a06cbfaa3257f11a0cb0b2186a48) --- environments/ssl/enable-tls.yaml | 2 +- sample-env-generator/ssl.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml index 07e3ddf911..0b727fd7ac 100644 --- a/environments/ssl/enable-tls.yaml +++ b/environments/ssl/enable-tls.yaml @@ -16,7 +16,7 @@ parameter_defaults: # Specifies the default CA cert to use if TLS is used for services in the internal network. # Type: string - InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem + InternalTLSCAFile: '' # The content of the SSL certificate (without Key) in PEM format. # Type: string diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 29437b4eaf..19d7f8f52b 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -27,7 +27,7 @@ environments: | The contents of the private key go here HorizonSecureCookies: True - InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem + InternalTLSCAFile: '' - name: ssl/enable-internal-tls title: Enable SSL on OpenStack Internal Endpoints
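Review bot: The new `InternalTLSCAFile: ''` default in environments/ssl/enable-tls.yaml leaves the comment above it ("Specifies the default CA cert to use if TLS is used for services in the internal network") silent on what an empty value means, and the same value is set among the sample values in sample-env-generator/ssl.yaml. The visible lines do not show how consumers of this parameter treat an empty path, so it should be confirmed that each one falls back to the system trust store and that none skips certificate verification or fails on the empty path. Because the value sits under `parameter_defaults`, it may also replace the template's own default for deployments that combine this environment with internal TLS, depending on environment order, so that combination deserves a test. If the fallback is the intended behaviour, I would document it next to the parameter, e.g. `# Empty string: no dedicated CA file is set; clients rely on the system trust store.`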