Add option to specify Certmonger CA

This will be used for internal (or even public) TLS, for when
certmonger is generating the certificates. This same setting is used
for the undercloud with the generate_service_certificate option.

Change-Id: Ic54fe512b9ed5c71417a66491b7954e653f660b6

diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index c764d4e..89f2705 100644 (file)
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -56,6 +56,12 @@ parameters:
       Heat action on performed top-level stack.
     constraints:
     - allowed_values: ['CREATE', 'UPDATE']
+  # NOTE(jaosorior): This is being set as IPA as it's the first
+  # CA we'll actually be testing out. But we can change this if
+  # people request it.
+  CertmongerCA:
+    type: string
+    default: 'IPA'
 
 resources:
 
@@ -210,6 +216,8 @@ resources:
                     cloud_name_storage: {get_param: cloud_name_storage}
                     cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
                     cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
+                    # TLS parameters
+                    certmonger_ca: {get_param: CertmongerCA}
 
 outputs:
   config_id: