Use empty string for overcloud InternalTLSCAFile param

Not all deployments have the file in the current default location
and rather use trusted certs for public tls. This also creates
issues in downstream jobs that don't inject overcloud ca with
environment/inject-trust-anchor.yaml

This default will ensure that it works in those scenarios.

Change-Id: Ib71c3e2be2b8dc57f3c9107c6ddab47cd6594202
Related-Bug: #1880936
This commit is contained in:
Rabi Mishra 2020-06-03 06:52:29 +05:30
parent 000da3cdba
commit cf5382daf7
2 changed files with 2 additions and 2 deletions

View File

@ -16,7 +16,7 @@ parameter_defaults:
# Specifies the default CA cert to use if TLS is used for services in the internal network. # Specifies the default CA cert to use if TLS is used for services in the internal network.
# Type: string # Type: string
InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem InternalTLSCAFile: ''
# The content of the SSL certificate (without Key) in PEM format. # The content of the SSL certificate (without Key) in PEM format.
# Type: string # Type: string

View File

@ -27,7 +27,7 @@ environments:
| |
The contents of the private key go here The contents of the private key go here
HorizonSecureCookies: True HorizonSecureCookies: True
InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem InternalTLSCAFile: ''
- -
name: ssl/enable-internal-tls name: ssl/enable-internal-tls
title: Enable SSL on OpenStack Internal Endpoints title: Enable SSL on OpenStack Internal Endpoints