From 5b5780c1542b90363adce73cbe40635e4868806f Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza <xek@redhat.com>
Date: Mon, 2 Dec 2019 10:47:29 +0100
Subject: [PATCH] Skip both tenant and management networks when generating
 certs

Without this change we were unable to deploy TLS Everywhere with
management network. This is because the service principal is not
created due to VIP being set to false in network_data.yaml

Closes-Bug: #1861097
Resolves: rhbz#1777605
Change-Id: I43fd5f67c1a0be6eaa1752575349e64329cada4a
(cherry picked from commit a22c04c576ce6956d4ca526b60b482501228f47e)
---
 deployment/apache/apache-baremetal-puppet.j2.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/deployment/apache/apache-baremetal-puppet.j2.yaml b/deployment/apache/apache-baremetal-puppet.j2.yaml
index f4321016a7..d8f78a124a 100644
--- a/deployment/apache/apache-baremetal-puppet.j2.yaml
+++ b/deployment/apache/apache-baremetal-puppet.j2.yaml
@@ -58,12 +58,12 @@ resources:
     type: OS::Heat::Value
     properties:
       value:
-        # NOTE(jaosorior) Get unique network names to create
-        # certificates for those. We skip the tenant network since
-        # we don't need a certificate for that.
+        # NOTE(xek) Get unique network names to create certificates.
+        # We skip the tenant and management network (vip != false)
+        # since we don't generate certificates for those.
         - ctlplane
 {%- for network in networks if network.enabled|default(true) %}
-  {%- if network.name_lower != 'tenant' %}
+  {%- if network.vip | default(false) %}
         - {{network.name_lower}}
   {%- endif %}
 {%- endfor %}