Skip both tenant and management networks when generating certs

Without this change we were unable to deploy TLS Everywhere with management network. This is because the service principal is not created due to VIP being set to false in network_data.yaml Closes-Bug: #1861097 Resolves: rhbz#1777605 Change-Id: I43fd5f67c1a0be6eaa1752575349e64329cada4a (cherry picked from commit a22c04c576)
2019-12-02 10:47:29 +01:00 · 2019-12-02 10:47:29 +01:00 · 5b5780c154
parent 5323f2033e
commit 5b5780c154
1 changed files with 4 additions and 4 deletions
--- a/deployment/apache/apache-baremetal-puppet.j2.yaml
+++ b/deployment/apache/apache-baremetal-puppet.j2.yaml
@ -58,12 +58,12 @@ resources:
    type: OS::Heat::Value
    properties:
      value:
-        # NOTE(jaosorior) Get unique network names to create
-        # certificates for those. We skip the tenant network since
-        # we don't need a certificate for that.
+        # NOTE(xek) Get unique network names to create certificates.
+        # We skip the tenant and management network (vip != false)
+        # since we don't generate certificates for those.
        - ctlplane
 {%- for network in networks if network.enabled|default(true) %}
-  {%- if network.name_lower != 'tenant' %}
+  {%- if network.vip | default(false) %}
        - {{network.name_lower}}
  {%- endif %}
 {%- endfor %}