Do not set rabbitmq SSL CA certs when InternalTLSCAFile is ''
The undercloud installation sets InternalTLSCAFile to '' when undercloud_service_certificate is set (done via I5d7f35194f98b2d5c06a417cac75d52ff646def0 "undercloud: Disable CA path if user-provided cert is used"). In this case we end up setting rabbitmq::{ssl_cacert,ssl_management_cacert} to '' which then breaks puppet-rabbitmq because it verifies that they are absolute paths. Let's just skip passing them when InternalTLSCAFile is set to empty. Depends-On: I4e9801ba3ced734e5aa3fa22df522fab0e84761a Closes-Bug: #1947776 Change-Id: I16f0fd04e1ae941d09d567eadaeb5bda959099fc
parent
067211b74f
commit
f8e7bf2bba
@ -128,6 +128,8 @@ conditions:
|
|||||||
- 6
|
- 6
|
||||||
key_size_override_set:
|
key_size_override_set:
|
||||||
not: {equals: [{get_param: RabbitmqCertificateKeySize}, '']}
|
not: {equals: [{get_param: RabbitmqCertificateKeySize}, '']}
|
||||||
|
rabbitmq_cacert_set:
|
||||||
|
not: {equals: [{get_param: InternalTLSCAFile}, '']}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
@ -210,8 +212,6 @@ outputs:
|
|||||||
rabbitmq::ssl_port: 5672
|
rabbitmq::ssl_port: 5672
|
||||||
rabbitmq::ssl_depth: 1
|
rabbitmq::ssl_depth: 1
|
||||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||||
rabbitmq::ssl_cacert: {get_param: InternalTLSCAFile}
|
|
||||||
rabbitmq::ssl_management_cacert: {get_param: InternalTLSCAFile}
|
|
||||||
rabbitmq::ssl_interface:
|
rabbitmq::ssl_interface:
|
||||||
str_replace:
|
str_replace:
|
||||||
template:
|
template:
|
||||||
@ -241,6 +241,11 @@ outputs:
|
|||||||
if:
|
if:
|
||||||
- {get_param: EnableInternalTLS}
|
- {get_param: EnableInternalTLS}
|
||||||
- true
|
- true
|
||||||
|
# Only set CAs then InternalTLSCAFile is not ''
|
||||||
|
- if:
|
||||||
|
- rabbitmq_cacert_set
|
||||||
|
- rabbitmq::ssl_cacert: {get_param: InternalTLSCAFile}
|
||||||
|
rabbitmq::ssl_management_cacert: {get_param: InternalTLSCAFile}
|
||||||
- if:
|
- if:
|
||||||
- {get_param: EnableInternalTLS}
|
- {get_param: EnableInternalTLS}
|
||||||
- tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
- tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||||
|
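Review bot: The comment added in the third hunk reads `# Only set CAs then InternalTLSCAFile is not ''`; "then" should be "when", and the comment should also say what happens in the other case. With EnableInternalTLS true and InternalTLSCAFile set to '', neither rabbitmq::ssl_cacert nor rabbitmq::ssl_management_cacert is passed any more, so the CA bundle (if any) that the broker and the management listener use for peer verification is left to puppet-rabbitmq's defaults, which are not visible on this page. I would write `# Only set CAs when InternalTLSCAFile is not ''; otherwise puppet-rabbitmq's default CA handling applies` and confirm that this default is the intended trust configuration for the user-provided undercloud certificate case. The enclosing conditions and outputs blocks start and end outside the hunks shown.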