From 0edad7138c89d507e8854b91719bff425c144f43 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Fri, 3 Apr 2020 14:49:08 +0100 Subject: [PATCH] Remove default(omit) from openstack_cacert in templates The use of default(omit) is for module parameters, not templates. We define a default value for openstack_cacert, so it should never be undefined anyway. Change-Id: Idfa73097ca168c76559dc4f3aa8bb30b7113ab28 --- ansible/roles/aodh/templates/aodh.conf.j2 | 4 ++-- ansible/roles/barbican/templates/barbican.conf.j2 | 2 +- ansible/roles/blazar/templates/blazar.conf.j2 | 2 +- .../roles/ceilometer/templates/ceilometer.conf.j2 | 2 +- ansible/roles/cinder/templates/cinder.conf.j2 | 6 +++--- .../roles/cloudkitty/templates/cloudkitty.conf.j2 | 2 +- ansible/roles/congress/templates/congress.conf.j2 | 2 +- ansible/roles/cyborg/templates/cyborg.conf.j2 | 2 +- .../roles/designate/templates/designate.conf.j2 | 2 +- ansible/roles/freezer/templates/freezer.conf.j2 | 2 +- ansible/roles/glance/templates/glance-api.conf.j2 | 2 +- .../roles/glance/templates/glance-swift.conf.j2 | 2 +- ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 2 +- ansible/roles/heat/templates/heat.conf.j2 | 4 ++-- .../ironic/templates/ironic-inspector.conf.j2 | 4 ++-- ansible/roles/ironic/templates/ironic.conf.j2 | 14 +++++++------- ansible/roles/karbor/templates/karbor.conf.j2 | 4 ++-- ansible/roles/kibana/templates/kibana.yml.j2 | 2 +- ansible/roles/kuryr/templates/kuryr.conf.j2 | 2 +- ansible/roles/magnum/templates/magnum.conf.j2 | 2 +- .../roles/manila/templates/manila-share.conf.j2 | 6 +++--- ansible/roles/manila/templates/manila.conf.j2 | 2 +- .../masakari/templates/masakari-monitors.conf.j2 | 2 +- ansible/roles/masakari/templates/masakari.conf.j2 | 2 +- ansible/roles/mistral/templates/mistral.conf.j2 | 2 +- .../monasca/templates/monasca-api/api.conf.j2 | 2 +- .../templates/monasca-log-api/log-api.conf.j2 | 2 +- ansible/roles/murano/templates/murano.conf.j2 | 14 +++++++------- .../roles/neutron/templates/metadata_agent.ini.j2 | 2 +- ansible/roles/neutron/templates/neutron.conf.j2 | 8 ++++---- ansible/roles/nova-cell/templates/nova.conf.j2 | 14 +++++++------- .../nova-hyperv/templates/nova_hyperv.conf.j2 | 6 +++--- ansible/roles/nova/templates/nova.conf.j2 | 12 ++++++------ ansible/roles/octavia/templates/octavia.conf.j2 | 8 ++++---- ansible/roles/panko/templates/panko.conf.j2 | 2 +- .../roles/placement/templates/placement.conf.j2 | 2 +- ansible/roles/qinling/templates/qinling.conf.j2 | 2 +- ansible/roles/sahara/templates/sahara.conf.j2 | 4 ++-- .../searchlight/templates/searchlight.conf.j2 | 4 ++-- ansible/roles/senlin/templates/senlin.conf.j2 | 2 +- ansible/roles/solum/templates/solum.conf.j2 | 2 +- ansible/roles/swift/templates/proxy-server.conf.j2 | 2 +- ansible/roles/tacker/templates/tacker.conf.j2 | 2 +- ansible/roles/telegraf/templates/telegraf.conf.j2 | 2 +- ansible/roles/tempest/templates/tempest.conf.j2 | 2 +- ansible/roles/trove/templates/trove.conf.j2 | 2 +- ansible/roles/vitrage/templates/vitrage.conf.j2 | 4 ++-- ansible/roles/watcher/templates/watcher.conf.j2 | 4 ++-- ansible/roles/zun/templates/zun.conf.j2 | 4 ++-- 49 files changed, 93 insertions(+), 93 deletions(-) diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2 index d65e35d84f..fe826d6edc 100644 --- a/ansible/roles/aodh/templates/aodh.conf.j2 +++ b/ansible/roles/aodh/templates/aodh.conf.j2 @@ -25,7 +25,7 @@ username = {{ aodh_keystone_user }} password = {{ aodh_keystone_password }} auth_url = {{ keystone_admin_url }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [oslo_middleware] enable_proxy_headers_parsing = True @@ -45,7 +45,7 @@ project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} auth_type = password interface = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2 index 306f2eab9a..89036675b0 100644 --- a/ansible/roles/barbican/templates/barbican.conf.j2 +++ b/ansible/roles/barbican/templates/barbican.conf.j2 @@ -59,7 +59,7 @@ username = {{ barbican_keystone_user }} password = {{ barbican_keystone_password }} auth_url = {{ keystone_admin_url }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2 index d6c6dcccd3..275e5d4dbc 100644 --- a/ansible/roles/blazar/templates/blazar.conf.j2 +++ b/ansible/roles/blazar/templates/blazar.conf.j2 @@ -32,7 +32,7 @@ project_name = service username = {{ blazar_keystone_user }} password = {{ blazar_keystone_password }} service_token_roles_required = True -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 b/ansible/roles/ceilometer/templates/ceilometer.conf.j2 index 58fd80301d..9bb25ffdc2 100644 --- a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer.conf.j2 @@ -21,7 +21,7 @@ project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} auth_type = password interface = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% if nova_compute_virt_type == 'vmware' %} [vmware] diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2 index 85ac60d832..1c810d810d 100644 --- a/ansible/roles/cinder/templates/cinder.conf.j2 +++ b/ansible/roles/cinder/templates/cinder.conf.j2 @@ -17,7 +17,7 @@ glance_api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_add glance_num_retries = {{ groups['glance-api'] | length }} glance_api_version = 2 -glance_ca_certificates_file = {{ openstack_cacert | default(omit) }} +glance_ca_certificates_file = {{ openstack_cacert }} os_region_name = {{ openstack_region_name }} @@ -87,7 +87,7 @@ region_name = {{ openstack_region_name }} project_name = service username = {{ nova_keystone_user }} password = {{ nova_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [database] connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_password }}@{{ cinder_database_address }}/{{ cinder_database_name }} @@ -102,7 +102,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ cinder_keystone_user }} password = {{ cinder_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index 1bfbde4c0c..2f377a681e 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 @@ -24,7 +24,7 @@ project_name = service username = {{ cloudkitty_keystone_user }} password = {{ cloudkitty_keystone_password }} region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2 index 4d2f027668..78858d7783 100644 --- a/ansible/roles/congress/templates/congress.conf.j2 +++ b/ansible/roles/congress/templates/congress.conf.j2 @@ -37,7 +37,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ congress_keystone_user }} password = {{ congress_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/cyborg/templates/cyborg.conf.j2 b/ansible/roles/cyborg/templates/cyborg.conf.j2 index 48fd9b56ae..e2014e4c61 100644 --- a/ansible/roles/cyborg/templates/cyborg.conf.j2 +++ b/ansible/roles/cyborg/templates/cyborg.conf.j2 @@ -25,7 +25,7 @@ username = {{ cyborg_keystone_user }} password = {{ cyborg_keystone_password }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% if cyborg_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 index 617e2abd2e..a2283029e9 100644 --- a/ansible/roles/designate/templates/designate.conf.j2 +++ b/ansible/roles/designate/templates/designate.conf.j2 @@ -29,7 +29,7 @@ username = {{ designate_keystone_user }} password = {{ designate_keystone_password }} http_connect_timeout = 60 service_token_roles_required = True -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/freezer/templates/freezer.conf.j2 b/ansible/roles/freezer/templates/freezer.conf.j2 index 0716d8020d..57b2825427 100644 --- a/ansible/roles/freezer/templates/freezer.conf.j2 +++ b/ansible/roles/freezer/templates/freezer.conf.j2 @@ -30,7 +30,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ freezer_keystone_user }} password = {{ freezer_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index ab281df6d6..296ba757d1 100644 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -39,7 +39,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ glance_keystone_user }} password = {{ glance_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/glance/templates/glance-swift.conf.j2 b/ansible/roles/glance/templates/glance-swift.conf.j2 index ee836fe00a..246958c9b6 100644 --- a/ansible/roles/glance/templates/glance-swift.conf.j2 +++ b/ansible/roles/glance/templates/glance-swift.conf.j2 @@ -5,4 +5,4 @@ user = service:{{ glance_keystone_user }} key = {{ glance_keystone_password }} project_domain_id = default user_domain_id = default -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 index 3be0e95763..8af10d9afe 100644 --- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 @@ -51,7 +51,7 @@ username = {{ gnocchi_keystone_user }} password = {{ gnocchi_keystone_password }} auth_url = {{ keystone_admin_url }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index 9e8ed436cd..a2e7dcf3a2 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -49,7 +49,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ heat_keystone_user }} password = {{ heat_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -89,7 +89,7 @@ policy_file = {{ heat_policy_file }} [clients] endpoint_type = internalURL -ca_file = {{ openstack_cacert | default(omit) }} +ca_file = {{ openstack_cacert }} [oslo_middleware] enable_proxy_headers_parsing = True diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index fb11fab366..4019e4b77c 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -22,7 +22,7 @@ project_name = service username = {{ ironic_inspector_keystone_user }} password = {{ ironic_inspector_keystone_password }} os_endpoint_type = internalURL -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% else %} auth_type = none endpoint_override = {{ ironic_internal_endpoint }} @@ -38,7 +38,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ ironic_inspector_keystone_user }} password = {{ ironic_inspector_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 9b8f563472..531dede028 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -63,7 +63,7 @@ username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -81,7 +81,7 @@ username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} {% if enable_glance | bool %} @@ -95,7 +95,7 @@ username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} {% if enable_neutron | bool %} @@ -110,7 +110,7 @@ password = {{ ironic_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal cleaning_network = {{ ironic_cleaning_network }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} {% if enable_nova | bool %} @@ -124,7 +124,7 @@ username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} [inspector] @@ -138,7 +138,7 @@ username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% else %} auth_type = none endpoint_override = {{ ironic_inspector_internal_endpoint }} @@ -155,7 +155,7 @@ username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% else %} auth_type = none endpoint_override = {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }} diff --git a/ansible/roles/karbor/templates/karbor.conf.j2 b/ansible/roles/karbor/templates/karbor.conf.j2 index e996f0e8b6..643b9da3c0 100644 --- a/ansible/roles/karbor/templates/karbor.conf.j2 +++ b/ansible/roles/karbor/templates/karbor.conf.j2 @@ -19,7 +19,7 @@ username = {{ karbor_keystone_user }} password = {{ karbor_keystone_password }} auth_url = {{ keystone_admin_url }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [clients_keystone] auth_uri = {{ keystone_internal_url }} @@ -40,7 +40,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ karbor_keystone_user }} password = {{ karbor_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/kibana/templates/kibana.yml.j2 b/ansible/roles/kibana/templates/kibana.yml.j2 index bf5f08012d..bf0043a700 100644 --- a/ansible/roles/kibana/templates/kibana.yml.j2 +++ b/ansible/roles/kibana/templates/kibana.yml.j2 @@ -6,4 +6,4 @@ elasticsearch.url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_addre elasticsearch.requestTimeout: {{ kibana_elasticsearch_request_timeout }} elasticsearch.shardTimeout: {{ kibana_elasticsearch_shard_timeout }} elasticsearch.ssl.verificationMode: "{{ 'full' if kibana_elasticsearch_ssl_verify | bool else 'none' }}" -elasticsearch.ssl.certificateAuthorities: {{ openstack_cacert | default(omit) }} +elasticsearch.ssl.certificateAuthorities: {{ openstack_cacert }} diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2 index 30027a2e63..56e7fc1344 100644 --- a/ansible/roles/kuryr/templates/kuryr.conf.j2 +++ b/ansible/roles/kuryr/templates/kuryr.conf.j2 @@ -21,7 +21,7 @@ project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} password = {{ kuryr_keystone_password }} username = {{ kuryr_keystone_user }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% if kuryr_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 772421742e..7e143d7ed8 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -65,7 +65,7 @@ user_domain_name = {{ default_user_domain_name }} project_name = service username = {{ magnum_keystone_user }} password = {{ magnum_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2 index 9c4c51d5e9..94c9edc218 100644 --- a/ansible/roles/manila/templates/manila-share.conf.j2 +++ b/ansible/roles/manila/templates/manila-share.conf.j2 @@ -16,7 +16,7 @@ endpoint_type = internalURL project_name = service username = cinder password = {{ cinder_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -33,7 +33,7 @@ endpoint_type = internalURL project_name = service username = {{ nova_keystone_user }} password = {{ nova_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -51,7 +51,7 @@ endpoint_type = internalURL project_name = service username = {{ neutron_keystone_user }} password = {{ neutron_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index 9598560325..c316ccfcca 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -37,7 +37,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ manila_keystone_user }} password = {{ manila_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/masakari/templates/masakari-monitors.conf.j2 b/ansible/roles/masakari/templates/masakari-monitors.conf.j2 index 18009ddb80..39675e3a09 100644 --- a/ansible/roles/masakari/templates/masakari-monitors.conf.j2 +++ b/ansible/roles/masakari/templates/masakari-monitors.conf.j2 @@ -10,7 +10,7 @@ project_name = service project_domain_id = {{ default_project_domain_id }} username = {{ masakari_keystone_user }} password = {{ masakari_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} api_interface = internal [libvirt] diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2 index eb4c512783..bba3704b3a 100644 --- a/ansible/roles/masakari/templates/masakari.conf.j2 +++ b/ansible/roles/masakari/templates/masakari.conf.j2 @@ -28,7 +28,7 @@ username = {{ masakari_keystone_user }} password = {{ masakari_keystone_password }} service_token_roles_required = True region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% if enable_memcached | bool %} memcache_security_strategy = ENCRYPT diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2 index 1c758543d3..c99786e0f2 100644 --- a/ansible/roles/mistral/templates/mistral.conf.j2 +++ b/ansible/roles/mistral/templates/mistral.conf.j2 @@ -45,7 +45,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ mistral_keystone_user }} password = {{ mistral_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/monasca/templates/monasca-api/api.conf.j2 b/ansible/roles/monasca/templates/monasca-api/api.conf.j2 index 30491645ab..105ae7ac1d 100644 --- a/ansible/roles/monasca/templates/monasca-api/api.conf.j2 +++ b/ansible/roles/monasca/templates/monasca-api/api.conf.j2 @@ -36,7 +36,7 @@ project_name = service username = {{ monasca_keystone_user }} password = {{ monasca_keystone_password }} service_token_roles_required=True -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2 b/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2 index b303de5cbb..56946c8bdd 100644 --- a/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2 +++ b/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2 @@ -36,7 +36,7 @@ project_name = service username = {{ monasca_keystone_user }} password = {{ monasca_keystone_password }} service_token_roles_required=True -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2 index 98831dc016..92e3a4cce4 100644 --- a/ansible/roles/murano/templates/murano.conf.j2 +++ b/ansible/roles/murano/templates/murano.conf.j2 @@ -27,7 +27,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ murano_keystone_user }} password = {{ murano_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -42,7 +42,7 @@ user_domain_name = {{ default_user_domain_name }} project_name = service username = {{ murano_keystone_user }} password = {{ murano_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [murano] url = {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ murano_api_port }} @@ -80,22 +80,22 @@ auth_url = {{ keystone_internal_url }}/v3 username = {{ murano_keystone_user }} password = {{ murano_keystone_password }} user_domain_name = {{ default_project_domain_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} {% endif %} [neutron] endpoint_type = internalURL -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [heat] endpoint_type = internalURL -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [glance] endpoint_type = internalURL -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [mistral] endpoint_type = internalURL -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} diff --git a/ansible/roles/neutron/templates/metadata_agent.ini.j2 b/ansible/roles/neutron/templates/metadata_agent.ini.j2 index 0b1a34dd65..cdee21fcbb 100644 --- a/ansible/roles/neutron/templates/metadata_agent.ini.j2 +++ b/ansible/roles/neutron/templates/metadata_agent.ini.j2 @@ -1,6 +1,6 @@ # metadata_agent.ini [DEFAULT] -auth_ca_cert = {{ openstack_cacert | default(omit) }} +auth_ca_cert = {{ openstack_cacert }} nova_metadata_host = {{ nova_internal_fqdn }} nova_metadata_port = {{ nova_metadata_port }} metadata_proxy_shared_secret = {{ metadata_secret }} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 03a02132f1..1b9c01c9a4 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -84,7 +84,7 @@ project_name = service username = {{ nova_keystone_user }} password = {{ nova_keystone_password }} endpoint_type = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [oslo_middleware] enable_proxy_headers_parsing = True @@ -108,7 +108,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ neutron_keystone_user }} password = {{ neutron_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -151,7 +151,7 @@ password = {{ designate_keystone_password }} allow_reverse_dns_lookup = True ipv4_ptr_zone_prefix_size = 24 ipv6_ptr_zone_prefix_size = 116 -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} {% if enable_osprofiler | bool %} @@ -172,7 +172,7 @@ project_name = service project_domain_name = {{ default_project_domain_name }} os_region_name = {{ openstack_region_name }} os_interface = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [privsep] helper_command=sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper diff --git a/ansible/roles/nova-cell/templates/nova.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.j2 index f39c95ef61..025ee75a60 100644 --- a/ansible/roles/nova-cell/templates/nova.conf.j2 +++ b/ansible/roles/nova-cell/templates/nova.conf.j2 @@ -90,7 +90,7 @@ proxyclient_address = {{ api_interface_address }} username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} auth_url = {{ openstack_auth.auth_url }}/v3 -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} auth_type = password project_name = service user_domain_name = {{ default_user_domain_name }} @@ -104,14 +104,14 @@ lock_path = /var/lib/nova/tmp [glance] api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} num_retries = 3 {% if enable_cinder | bool %} [cinder] catalog_info = volumev3:cinderv3:internalURL os_region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} [neutron] @@ -122,7 +122,7 @@ ovs_bridge = {{ ovs_bridge }} {% endif %} auth_url = {{ keystone_admin_url }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} project_domain_name = {{ default_project_domain_name }} user_domain_id = {{ default_user_domain_id }} project_name = service @@ -188,7 +188,7 @@ helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --confi [glance] debug = {{ nova_logging_debug }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [guestfs] debug = {{ nova_logging_debug }} @@ -202,7 +202,7 @@ user_domain_name = {{ default_user_domain_name }} project_name = service project_domain_name = {{ default_project_domain_name }} region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} valid_interfaces = internal [notifications] @@ -227,7 +227,7 @@ connection_string = {{ osprofiler_backend_connection_string }} {% if enable_barbican | bool %} [barbican] auth_endpoint = {{ keystone_internal_url }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} {% if nova_compute_virt_type == "xenapi" %} diff --git a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 index 7a2dc9f51a..260b0774c6 100644 --- a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 +++ b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 @@ -29,11 +29,11 @@ password = {{ placement_keystone_password }} project_domain_name = {{ default_project_domain_name }} user_domain_name = {{ default_user_domain_name }} os_region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [glance] api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [hyperv] @@ -59,7 +59,7 @@ username = {{ neutron_keystone_user }} password = {{ neutron_keystone_password }} auth_url = {{ keystone_admin_url }}/v3 auth_type = v3password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index d3e21781c7..7df8eb5956 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -59,7 +59,7 @@ lock_path = /var/lib/nova/tmp [glance] api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} num_retries = {{ groups['glance-api'] | length }} debug = {{ nova_logging_debug }} @@ -74,7 +74,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ cinder_keystone_user }} password = {{ cinder_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} [neutron] @@ -92,7 +92,7 @@ username = {{ neutron_keystone_user }} password = {{ neutron_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [database] connection = mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }} @@ -119,7 +119,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ nova_keystone_user }} password = {{ nova_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -170,7 +170,7 @@ user_domain_name = {{ default_user_domain_name }} project_name = service project_domain_name = {{ default_project_domain_name }} region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} valid_interfaces = internal [notifications] @@ -195,5 +195,5 @@ connection_string = {{ osprofiler_backend_connection_string }} {% if enable_barbican | bool %} [barbican] auth_endpoint = {{ keystone_internal_url }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% endif %} diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2 index 48bb231eb9..90d58135c7 100644 --- a/ansible/roles/octavia/templates/octavia.conf.j2 +++ b/ansible/roles/octavia/templates/octavia.conf.j2 @@ -44,7 +44,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ octavia_keystone_user }} password = {{ octavia_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -84,14 +84,14 @@ policy_file = {{ octavia_policy_file }} [glance] region_name = {{ openstack_region_name }} endpoint_type = internal -ca_certificates_file == {{ openstack_cacert | default(omit) }} +ca_certificates_file == {{ openstack_cacert }} [neutron] region_name = {{ openstack_region_name }} endpoint_type = internal -ca_certificates_file == {{ openstack_cacert | default(omit) }} +ca_certificates_file == {{ openstack_cacert }} [nova] region_name = {{ openstack_region_name }} endpoint_type = internal -ca_certificates_file == {{ openstack_cacert | default(omit) }} +ca_certificates_file == {{ openstack_cacert }} diff --git a/ansible/roles/panko/templates/panko.conf.j2 b/ansible/roles/panko/templates/panko.conf.j2 index 29544fba49..7cf2fe8635 100644 --- a/ansible/roles/panko/templates/panko.conf.j2 +++ b/ansible/roles/panko/templates/panko.conf.j2 @@ -25,7 +25,7 @@ username = {{ panko_keystone_user }} password = {{ panko_keystone_password }} auth_url = {{ keystone_admin_url }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/placement/templates/placement.conf.j2 b/ansible/roles/placement/templates/placement.conf.j2 index 300329c09a..3f4947d287 100644 --- a/ansible/roles/placement/templates/placement.conf.j2 +++ b/ansible/roles/placement/templates/placement.conf.j2 @@ -42,7 +42,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/qinling/templates/qinling.conf.j2 b/ansible/roles/qinling/templates/qinling.conf.j2 index f22917bc93..679804167f 100644 --- a/ansible/roles/qinling/templates/qinling.conf.j2 +++ b/ansible/roles/qinling/templates/qinling.conf.j2 @@ -28,7 +28,7 @@ project_name = service username = {{ qinling_keystone_user }} password = {{ qinling_keystone_password }} region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2 index 5f1baa8144..616a39474c 100644 --- a/ansible/roles/sahara/templates/sahara.conf.j2 +++ b/ansible/roles/sahara/templates/sahara.conf.j2 @@ -21,7 +21,7 @@ project_name = service project_domain_name = {{ default_project_domain_name }} username = {{ sahara_keystone_user }} password = {{ sahara_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -52,4 +52,4 @@ user_domain_name = {{ default_user_domain_name }} username = {{ sahara_keystone_user }} password = {{ sahara_keystone_password }} auth_url = {{ keystone_admin_url }}/v3 -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} diff --git a/ansible/roles/searchlight/templates/searchlight.conf.j2 b/ansible/roles/searchlight/templates/searchlight.conf.j2 index 4a22f8a3e1..59c14d96b5 100644 --- a/ansible/roles/searchlight/templates/searchlight.conf.j2 +++ b/ansible/roles/searchlight/templates/searchlight.conf.j2 @@ -29,7 +29,7 @@ user_domain_name = {{ default_user_domain_name }} username = {{ searchlight_keystone_user }} password = {{ searchlight_keystone_password }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -61,7 +61,7 @@ username = {{ searchlight_keystone_user }} password = {{ searchlight_keystone_password }} auth_type = password auth_plugin = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2 index a3c689c34b..3fc59d3fb0 100644 --- a/ansible/roles/senlin/templates/senlin.conf.j2 +++ b/ansible/roles/senlin/templates/senlin.conf.j2 @@ -49,7 +49,7 @@ project_name = service username = {{ senlin_keystone_user }} password = {{ senlin_keystone_password }} service_token_roles_required = False -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2 index 71f7373ad9..33dda508dc 100644 --- a/ansible/roles/solum/templates/solum.conf.j2 +++ b/ansible/roles/solum/templates/solum.conf.j2 @@ -51,7 +51,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ solum_keystone_user }} password = {{ solum_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2 index e7b2c42f2b..280ae890aa 100644 --- a/ansible/roles/swift/templates/proxy-server.conf.j2 +++ b/ansible/roles/swift/templates/proxy-server.conf.j2 @@ -44,7 +44,7 @@ project_name = service username = {{ swift_keystone_user }} password = {{ swift_keystone_password }} delay_auth_decision = {{ swift_delay_auth_decision }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2 index 4267564817..10c4c17435 100644 --- a/ansible/roles/tacker/templates/tacker.conf.j2 +++ b/ansible/roles/tacker/templates/tacker.conf.j2 @@ -38,7 +38,7 @@ user_domain_name = {{ default_user_domain_id }} project_name = service username = {{ tacker_keystone_user }} password = {{ tacker_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/telegraf/templates/telegraf.conf.j2 b/ansible/roles/telegraf/templates/telegraf.conf.j2 index 2a406ebb4e..a5c3185d07 100644 --- a/ansible/roles/telegraf/templates/telegraf.conf.j2 +++ b/ansible/roles/telegraf/templates/telegraf.conf.j2 @@ -19,7 +19,7 @@ retention_policy = "autogen" write_consistency = "any" timeout = "5s" - tls_ca = {{ openstack_cacert | default(omit) }} + tls_ca = {{ openstack_cacert }} {% endfor %} {% endif %} [[inputs.cpu]] diff --git a/ansible/roles/tempest/templates/tempest.conf.j2 b/ansible/roles/tempest/templates/tempest.conf.j2 index 90d7f691bd..c8e4632bcb 100644 --- a/ansible/roles/tempest/templates/tempest.conf.j2 +++ b/ansible/roles/tempest/templates/tempest.conf.j2 @@ -41,7 +41,7 @@ region = {{ openstack_region_name }} auth_version = v3 uri = {{ keystone_admin_url }}/v2.0 uri_v3 = {{ keystone_admin_url }}/v3 -ca_certificates_file = {{ openstack_cacert | default(omit) }} +ca_certificates_file = {{ openstack_cacert }} [image] region = {{ openstack_region_name }} diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2 index ef2fbe60a3..c35b24ee39 100644 --- a/ansible/roles/trove/templates/trove.conf.j2 +++ b/ansible/roles/trove/templates/trove.conf.j2 @@ -39,7 +39,7 @@ username = {{ trove_keystone_user }} password = {{ trove_keystone_password }} auth_url = {{ keystone_admin_url }} auth_type = password -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2 index 07c41707a6..fe25b29bd8 100644 --- a/ansible/roles/vitrage/templates/vitrage.conf.j2 +++ b/ansible/roles/vitrage/templates/vitrage.conf.j2 @@ -39,7 +39,7 @@ project_name = service username = {{ vitrage_keystone_user }} password = {{ vitrage_keystone_password }} service_token_roles_required = True -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -55,7 +55,7 @@ project_name = admin password = {{ vitrage_keystone_password }} username = {{ vitrage_keystone_user }} interface = internal -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2 index ed3ec2c68a..fc320f6df1 100644 --- a/ansible/roles/watcher/templates/watcher.conf.j2 +++ b/ansible/roles/watcher/templates/watcher.conf.j2 @@ -26,7 +26,7 @@ project_name = service username = {{ watcher_keystone_user }} password = {{ watcher_keystone_password }} service_token_roles_required = True -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} @@ -41,7 +41,7 @@ user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ watcher_keystone_user }} password = {{ watcher_keystone_password }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} [oslo_concurrency] lock_path = /var/lib/watcher/tmp diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2 index e3f8a7be33..e6cc023a38 100644 --- a/ansible/roles/zun/templates/zun.conf.j2 +++ b/ansible/roles/zun/templates/zun.conf.j2 @@ -38,7 +38,7 @@ username = {{ zun_keystone_user }} password = {{ zun_keystone_password }} service_token_roles_required = True region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% if enable_memcached | bool %} memcache_security_strategy = ENCRYPT @@ -60,7 +60,7 @@ username = {{ zun_keystone_user }} password = {{ zun_keystone_password }} service_token_roles_required = True region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert | default(omit) }} +cafile = {{ openstack_cacert }} {% if enable_memcached | bool %} memcache_security_strategy = ENCRYPT