TLS everywhere: Configure CA for mongodb

It wasn't being configured, thus making mongodb fail. Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84 Closes-Bug: #1710162
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-08-11 16:07:13 +0300
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-08-11 16:07:13 +0300
commit: 0d8a3399eb4cc5cd40a85a323990e710002a1624 (patch)
tree: 7f707b41dcb48d719ff0857dd66bd87fdbde46a1
parent: 4e5ba442189d704deaaa1a922bbcaf5c28e9de40 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 04f34e24..dcead0f7 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -47,6 +47,11 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 conditions:
 
@@ -98,6 +103,7 @@ outputs:
                 generate_service_certificates: true
                 mongodb::server::ssl: true
                 mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+                mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
                 mongodb_certificate_specs:
                   service_pem: '/etc/pki/tls/certs/mongodb.pem'
                   service_certificate: '/etc/pki/tls/certs/mongodb.crt'
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-08-11 16:07:13 +0300
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-08-11 16:07:13 +0300
commit	0d8a3399eb4cc5cd40a85a323990e710002a1624 (patch)
tree	7f707b41dcb48d719ff0857dd66bd87fdbde46a1
parent	4e5ba442189d704deaaa1a922bbcaf5c28e9de40 (diff)