Use DeployedSSLCertificatePath for public TLS via certmonger

As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).

There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so its easier to debug.

Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932

puppet/services/haproxy-public-tls-certmonger.yaml

@@ -36,6 +36,11 @@ parameters:
   HAProxyInternalTLSKeysDirectory:
     default: '/etc/pki/tls/private/haproxy'
     type: string
+  DeployedSSLCertificatePath:
+    default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+    description: >
+        The filepath of the certificate as it will be stored in the controller.
+    type: string
 
 outputs:
   role_data:
@@ -44,22 +49,14 @@ outputs:
       service_name: haproxy_public_tls_certmonger
       config_settings:
         generate_service_certificates: true
-        tripleo::haproxy::service_certificate:
-          list_join:
-          - ''
-          - - {get_param: HAProxyInternalTLSCertsDirectory}
-            - '/overcloud-haproxy-external.pem'
+        tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
         tripleo::certmonger::haproxy_dirs::certificate_dir:
           get_param: HAProxyInternalTLSCertsDirectory
         tripleo::certmonger::haproxy_dirs::key_dir:
           get_param: HAProxyInternalTLSKeysDirectory
       certificates_specs:
         haproxy-external:
-          service_pem:
-            list_join:
-            - ''
-            - - {get_param: HAProxyInternalTLSCertsDirectory}
-              - '/overcloud-haproxy-external.pem'
+          service_pem: {get_param: DeployedSSLCertificatePath}
           service_certificate:
             list_join:
             - ''