Always set hieradata for certmonger_ca

In commit 37a339d2b0, the hieradata
parameter certmonger_ca was set to only be set when internal_tls was
enabled.

This breaks cert issuance by a non-local certmonger CA when
issuing the haproxy cert on the undercloud, e.g. issuing this cert by
IPA, which relies on this hieradata being set.

There is no reason to restrict this data from being set, and doing so
fixes the problem. (rhbz#1793975)

The remaining data should be set only when internal_tls is enabled.

Change-Id: If3e3870dd7bd087984e433f7aa832d1bb0ac5b2b
Fixes-Bug: 1860718
(cherry picked from commit ed7d687398e3befe99d12e7ac432e412104080a6)
changes/43/713143/1
Ade Lee 1 year ago
parent
commit
7f8b87a90a
1 changed files with 8 additions and 7 deletions
deployment/certs/certmonger-user-baremetal-puppet.yaml

@ -62,12 +62,13 @@ outputs:
value:
service_name: certmonger_user
config_settings:
if:
- internal_tls_enabled
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
certmonger_ca: {get_param: CertmongerCA}
certmonger_ca_vnc: {get_param: CertmongerVncCA}
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
- {}
map_merge:
- certmonger_ca: {get_param: CertmongerCA}
- if:
- internal_tls_enabled
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
certmonger_ca_vnc: {get_param: CertmongerVncCA}
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
- {}
step_config: |
include ::tripleo::profile::base::certmonger_user
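
Review bot: The new unconditional entry `- certmonger_ca: {get_param: CertmongerCA}` at the top of the `map_merge` list carries no comment explaining why it sits outside the `internal_tls_enabled` condition, while the three keys next to it stay inside. The commit message says folding it into that condition is what broke haproxy cert issuance by a non-local CA on the undercloud, so a later tidy-up of this block could reintroduce the same regression. Suggest a short YAML comment directly above that entry stating that certmonger_ca must always be set because undercloud cert issuance (for example by IPA) relies on it. The change also touches only this one file, so nothing here exercises the `internal_tls_enabled: false` path; a test or release note covering that case would make the intent checkable.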
