Always set hieradata for certmonger_ca

In commit 37a339d2b0 , the hieradata
parameter certmonger_ca was set to only be set when internal_tls was
enabled.

This breaks cert issuance by an non-local certmonger CA when the
issuing the haproxy cert on the undercloud eg. issuing this cert by
IPA, which relies on this hieradata being set.

There is no reason to restrict this data from being set, and doing so
fixes the problem. (rhbz#1793975)

The remaining data should be set only when internal_tls is enabled.
Change-Id: If3e3870dd7bd087984e433f7aa832d1bb0ac5b2b
Fixes-Bug: 1860718
(cherry picked from commit ed7d687398)
This commit is contained in:
Ade Lee 2020-01-23 16:42:34 -05:00
parent 033aae9d4b
commit 7f8b87a90a

View File

@ -62,12 +62,13 @@ outputs:
value: value:
service_name: certmonger_user service_name: certmonger_user
config_settings: config_settings:
if: map_merge:
- internal_tls_enabled - certmonger_ca: {get_param: CertmongerCA}
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL} - if:
certmonger_ca: {get_param: CertmongerCA} - internal_tls_enabled
certmonger_ca_vnc: {get_param: CertmongerVncCA} - tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
certmonger_ca_qemu: {get_param: CertmongerQemuCA} certmonger_ca_vnc: {get_param: CertmongerVncCA}
- {} certmonger_ca_qemu: {get_param: CertmongerQemuCA}
- {}
step_config: | step_config: |
include ::tripleo::profile::base::certmonger_user include ::tripleo::profile::base::certmonger_user