Prevent openrc files from using wrong OS_CACERT value

Kolla Ansible sets kolla_{external,internal}_fqdn_cacert variables with
default values compatible with the use of `kolla-ansible certificates`.

However, when these variables are left unset in Kayobe, which is
generally the case when using trusted certificates, we end up with
openrc files setting OS_CACERT to a file that does not exist:

    ${KOLLA_CONFIG_PATH}/certificates/haproxy-ca.crt

Instead we allow null cacert variables to be passed to kolla-ansible,
which results in openrc files without the bogus OS_CACERT entry.

Change-Id: Ifa615888b6d8d54c9e6314fd90f3fc4872fc6e5a
Story: 2007516
Task: 39299

ansible/roles/kolla-ansible/templates/globals.yml.j2

@@ -184,12 +184,8 @@ kolla_enable_tls_internal: {{ kolla_enable_tls_internal | bool }}
 kolla_enable_tls_external: {{ kolla_enable_tls_external | bool }}
 kolla_external_fqdn_cert: "{{ kolla_external_fqdn_cert }}"
 kolla_internal_fqdn_cert: "{{ kolla_internal_fqdn_cert }}"
-{% if kolla_external_fqdn_cacert %}
 kolla_external_fqdn_cacert: "{{ kolla_external_fqdn_cacert }}"
-{% endif %}
-{% if kolla_internal_fqdn_cacert %}
 kolla_internal_fqdn_cacert: "{{ kolla_internal_fqdn_cacert }}"
-{% endif %}
 
 ################
 # Region options

releasenotes/notes/prevent-wrong-oscacert-variable-9ede7f60c1562a77.yaml

@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+     Fixes an issue where ``OS_CACERT`` variable in ``openrc`` files would be
+     set to the path of a non-existent file. New ``openrc`` files can be
+     generated with the ``kayobe control host bootstrap`` command. `See story
+     2007516 <https://storyboard.openstack.org/#!/story/2007516>`_ for more
+     details.