From 9bd89b28cfc5158269c7f21824a06a9c43c6532b Mon Sep 17 00:00:00 2001
From: James Kirsch <generalfuzz@gmail.com>
Date: Fri, 26 Jun 2020 11:16:08 -0700
Subject: [PATCH] Fix Zun configuration for TLS

The Zun configuration file does not set the CA for the clients the Zun
service uses: zun_client, glance_client, neutron_client, cinder_client,
and placement_client. This will cause the Zun service to fail when
TLS is enabled in the OpenStack deployment.

Depends-On: https://review.opendev.org/#/c/736809
Change-Id: Ieed843c890210608699c1a63deed66c9bb63986c
---
 ansible/roles/zun/templates/zun.conf.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index 89e82ccd73..8ff658d132 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -72,22 +72,27 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 [zun_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [glance_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [neutron_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [cinder_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [placement_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 {% if enable_osprofiler | bool %}
 [profiler]