Make export of certificate depends on general option

Nova communicate with different services, which can be under SSL in the same time, when Keystone will be without SSL. It's rare, but possible. This patch makes exporting certificate for job depended on general option "create_certificates". Without it Nova under SSL with Keystone without SSL failed due to missed certificate for Nova https endpoint. Change-Id: I273707dc175b4ae026924af4f296e14af0bb23ca
2017-03-02 08:32:02 +00:00 · 2017-03-02 08:32:02 +00:00 · c4a2bbe4f0
parent a78d9aba2e
commit c4a2bbe4f0
1 changed files with 1 additions and 1 deletions
--- a/service/files/create-flavor.sh.j2
+++ b/service/files/create-flavor.sh.j2
@ -16,7 +16,7 @@ export OS_PASSWORD={{ openstack.user_password }}
 export OS_USERNAME={{ openstack.user_name }}
 export OS_PROJECT_NAME={{ openstack.project_name }}
 export OS_AUTH_URL="{{ address('keystone', keystone.admin_port, with_scheme=True) }}/v3"
-{% if keystone.tls.enabled %}
+{% if security.tls.create_certificates %}
 export OS_CACERT="/opt/ccp/etc/tls/ca.pem"
 {% endif %}