Always set hieradata for certmonger_ca

In commit 37a339d2b0 , the hieradata parameter certmonger_ca was set to only be set when internal_tls was enabled. This breaks cert issuance by an non-local certmonger CA when the issuing the haproxy cert on the undercloud eg. issuing this cert by IPA, which relies on this hieradata being set. There is no reason to restrict this data from being set, and doing so fixes the problem. (rhbz#1793975) The remaining data should be set only when internal_tls is enabled. Change-Id: If3e3870dd7bd087984e433f7aa832d1bb0ac5b2b Fixes-Bug: 1860718 (cherry picked from commit ed7d687398)
2020-01-23 16:42:34 -05:00 · 2020-01-23 16:42:34 -05:00 · 7f8b87a90a
commit 7f8b87a90a
parent 033aae9d4b
1 changed files with 8 additions and 7 deletions
--- a/deployment/certs/certmonger-user-baremetal-puppet.yaml
+++ b/deployment/certs/certmonger-user-baremetal-puppet.yaml
@ -62,12 +62,13 @@ outputs:
    value:
      service_name: certmonger_user
      config_settings:
-        if:
-          - internal_tls_enabled
-          - tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
-            certmonger_ca: {get_param: CertmongerCA}
-            certmonger_ca_vnc: {get_param: CertmongerVncCA}
-            certmonger_ca_qemu: {get_param: CertmongerQemuCA}
-          - {}
+        map_merge:
+          - certmonger_ca: {get_param: CertmongerCA}
+          - if:
+            - internal_tls_enabled
+            - tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
+              certmonger_ca_vnc: {get_param: CertmongerVncCA}
+              certmonger_ca_qemu: {get_param: CertmongerQemuCA}
+            - {}
      step_config: |
        include ::tripleo::profile::base::certmonger_user