Always set hieradata for certmonger_ca

In commit 37a339d2b0 , the hieradata
parameter certmonger_ca was set to only be set when internal_tls was
enabled.

This breaks cert issuance by an non-local certmonger CA when the
issuing the haproxy cert on the undercloud eg. issuing this cert by
IPA, which relies on this hieradata being set.

There is no reason to restrict this data from being set, and doing so
fixes the problem. (rhbz#1793975)

The remaining data should be set only when internal_tls is enabled.
Change-Id: If3e3870dd7bd087984e433f7aa832d1bb0ac5b2b
Fixes-Bug: 1860718
This commit is contained in:
Ade Lee 2020-01-23 16:42:34 -05:00
parent 0ccca0e362
commit ed7d687398

View File

@ -62,10 +62,11 @@ outputs:
value:
service_name: certmonger_user
config_settings:
if:
map_merge:
- certmonger_ca: {get_param: CertmongerCA}
- if:
- internal_tls_enabled
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
certmonger_ca: {get_param: CertmongerCA}
certmonger_ca_vnc: {get_param: CertmongerVncCA}
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
- {}