Fix non-ldap domain backend setup
diff --git a/keystone/server.sls b/keystone/server.sls
index 1a5522d..e44e959 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -74,7 +74,7 @@
- defaults:
domain_name: {{ domain_name }}
-{%- if domain.ldap.tls.cacert is defined %}
+{%- if domain.get('ldap', {}).get('tls', {}).get('cacert', False) %}
keystone_domain_{{ domain_name }}_cacert:
file.managed:
- name: /etc/keystone/domains/{{ domain_name }}.pem
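Review bot: The guard on `keystone_domain_{{ domain_name }}_cacert` is now a truthiness test rather than `is defined`, so a domain whose pillar has an empty `cacert` silently skips the CA file instead of writing it. If that domain's LDAP configuration (not visible in this hunk) still references `/etc/keystone/domains/{{ domain_name }}.pem`, TLS verification would presumably fail against a missing file, which is hard to trace back to the pillar. A Jinja comment above the condition would record the intent, e.g. `{#- domains with a non-LDAP backend have no 'ldap' key; skip the CA file for them #}`. The state's body continues outside the hunk.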
@@ -96,6 +96,17 @@
{%- endif %}
+{%- if server.get('ldap', {}).get('tls', {}).get('cacert', False) %}
+keystone_ldap_default_cacert:
+ file.managed:
+ - name: {{ server.ldap.tls.cacertfile }}
+ - contents_pillar: keystone:server:ldap:tls:cacert
+ - require:
+ - pkg: keystone_packages
+ - watch_in:
+ - service: keystone_service
+{%- endif %}
+
keystone_service:
service.running:
- name: {{ server.service_name }}
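Review bot: The new `keystone_ldap_default_cacert` state is guarded on `server.ldap.tls.cacert`, but its `name` is rendered from `server.ldap.tls.cacertfile`, which nothing in this hunk checks. If the pillar supplies the certificate but not the path, and no default for it is set elsewhere (not visible here), the state renders with an undefined or empty name. The condition could cover both, e.g. `{%- if server.get('ldap', {}).get('tls', {}).get('cacert', False) and server.ldap.tls.cacertfile is defined %}`. Because this file is the trust anchor for LDAP TLS verification, it would also help to pin `- user: root` and `- mode: '0644'` on the `file.managed` state, so that the file cannot end up writable by the service account.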