Use empty string for overcloud InternalTLSCAFile param

Not all deployments have the file in the current default location and rather use trusted certs for public tls. This also creates issues in downstream jobs that don't inject overcloud ca with environment/inject-trust-anchor.yaml This default will ensure that it works in those scenarios. Change-Id: Ib71c3e2be2b8dc57f3c9107c6ddab47cd6594202 Related-Bug: #1880936 (cherry picked from commit cf5382daf7)
2020-06-03 06:52:29 +05:30 · 2020-06-03 06:52:29 +05:30 · 80537150ae
parent e136acb799
commit 80537150ae
2 changed files with 2 additions and 2 deletions
--- a/environments/ssl/enable-tls.yaml
+++ b/environments/ssl/enable-tls.yaml
@ -16,7 +16,7 @@ parameter_defaults:

  # Specifies the default CA cert to use if TLS is used for services in the internal network.
  # Type: string
-  InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem
+  InternalTLSCAFile: ''

  # The content of the SSL certificate (without Key) in PEM format.
  # Type: string
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@ -27,7 +27,7 @@ environments:
        |
            The contents of the private key go here
      HorizonSecureCookies: True
-      InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem
+      InternalTLSCAFile: ''
  -
    name: ssl/enable-internal-tls
    title: Enable SSL on OpenStack Internal Endpoints