Use empty string for overcloud InternalTLSCAFile param

Not all deployments have the file in the current default location and rather use trusted certs for public tls. This also creates issues in downstream jobs that don't inject overcloud ca with environment/inject-trust-anchor.yaml This default will ensure that it works in those scenarios. Change-Id: Ib71c3e2be2b8dc57f3c9107c6ddab47cd6594202 Related-Bug: #1880936
2020-06-03 06:52:29 +05:30 · 2020-06-03 06:52:29 +05:30 · cf5382daf7
commit cf5382daf7
parent 000da3cdba
2 changed files with 2 additions and 2 deletions
--- a/environments/ssl/enable-tls.yaml
+++ b/environments/ssl/enable-tls.yaml
@ -16,7 +16,7 @@ parameter_defaults:

  # Specifies the default CA cert to use if TLS is used for services in the internal network.
  # Type: string
-  InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem
+  InternalTLSCAFile: ''

  # The content of the SSL certificate (without Key) in PEM format.
  # Type: string
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@ -27,7 +27,7 @@ environments:
        |
            The contents of the private key go here
      HorizonSecureCookies: True
-      InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem
+      InternalTLSCAFile: ''
  -
    name: ssl/enable-internal-tls
    title: Enable SSL on OpenStack Internal Endpoints