From dadc45daa42bf1f9050a2e3f1dea6d8b7a3d0c5a Mon Sep 17 00:00:00 2001
From: Rabi Mishra <ramishra@redhat.com>
Date: Wed, 3 Jun 2020 06:52:29 +0530
Subject: [PATCH] Use empty string for overcloud InternalTLSCAFile param

Not all deployments have the file in the current default location
and rather use trusted certs for public tls. This also creates
issues in downstream jobs that don't inject overcloud ca with
environment/inject-trust-anchor.yaml

This default will ensure that it works in those scenarios.

Change-Id: Ib71c3e2be2b8dc57f3c9107c6ddab47cd6594202
Related-Bug: #1880936
(cherry picked from commit cf5382daf799a06cbfaa3257f11a0cb0b2186a48)
---
 environments/ssl/enable-tls.yaml | 2 +-
 sample-env-generator/ssl.yaml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml
index 07e3ddf911..0b727fd7ac 100644
--- a/environments/ssl/enable-tls.yaml
+++ b/environments/ssl/enable-tls.yaml
@@ -16,7 +16,7 @@ parameter_defaults:
 
   # Specifies the default CA cert to use if TLS is used for services in the internal network.
   # Type: string
-  InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem
+  InternalTLSCAFile: ''
 
   # The content of the SSL certificate (without Key) in PEM format.
   # Type: string
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index 07f8eb9d3b..534870cf89 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -27,7 +27,7 @@ environments:
         |
             The contents of the private key go here
       HorizonSecureCookies: True
-      InternalTLSCAFile: /etc/pki/ca-trust/source/anchors/overcloud-cacert.pem
+      InternalTLSCAFile: ''
   -
     name: ssl/enable-internal-tls
     title: Enable SSL on OpenStack Internal Endpoints