Always set hieradata for certmonger_ca
In commit37a339d2b0
, the hieradata parameter certmonger_ca was set to only be set when internal_tls was enabled. This breaks cert issuance by an non-local certmonger CA when the issuing the haproxy cert on the undercloud eg. issuing this cert by IPA, which relies on this hieradata being set. There is no reason to restrict this data from being set, and doing so fixes the problem. (rhbz#1793975) The remaining data should be set only when internal_tls is enabled. Change-Id: If3e3870dd7bd087984e433f7aa832d1bb0ac5b2b Fixes-Bug: 1860718 (cherry picked from commited7d687398
)
This commit is contained in:
parent
033aae9d4b
commit
7f8b87a90a
@ -62,12 +62,13 @@ outputs:
|
|||||||
value:
|
value:
|
||||||
service_name: certmonger_user
|
service_name: certmonger_user
|
||||||
config_settings:
|
config_settings:
|
||||||
if:
|
map_merge:
|
||||||
- internal_tls_enabled
|
- certmonger_ca: {get_param: CertmongerCA}
|
||||||
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
|
- if:
|
||||||
certmonger_ca: {get_param: CertmongerCA}
|
- internal_tls_enabled
|
||||||
certmonger_ca_vnc: {get_param: CertmongerVncCA}
|
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
|
||||||
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
|
certmonger_ca_vnc: {get_param: CertmongerVncCA}
|
||||||
- {}
|
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
|
||||||
|
- {}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::certmonger_user
|
include ::tripleo::profile::base::certmonger_user
|
||||||
|
Loading…
Reference in New Issue
Block a user