From dd50d686767e2aee4b90dc67c58fb8566800c247 Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Date: Tue, 18 Oct 2016 09:49:54 +0800
Subject: [PATCH] Add OS_CACERT in openrc when it is configured

TrivialFix

Change-Id: I5750645d63c27d3778df27ca090ceccbc08d5eef
---
 ansible/group_vars/all.yml                        | 1 +
 ansible/roles/common/templates/admin-openrc.sh.j2 | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 7834e5ddfe..52fb06f526 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -322,6 +322,7 @@ haproxy_user: "openstack"
 haproxy_enable_external_vip: "{{ 'no' if kolla_external_vip_address == kolla_internal_vip_address else 'yes' }}"
 kolla_enable_tls_external: "no"
 kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"
+kolla_external_fqdn_cacert: "{{ node_config_directory }}/certificates/haproxy-ca.crt"
 
 
 ####################
diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2
index 7b5a3939ba..ef3890043e 100644
--- a/ansible/roles/common/templates/admin-openrc.sh.j2
+++ b/ansible/roles/common/templates/admin-openrc.sh.j2
@@ -6,3 +6,6 @@ export OS_USERNAME=admin
 export OS_PASSWORD={{ keystone_admin_password }}
 export OS_AUTH_URL={{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3
 export OS_IDENTITY_API_VERSION=3
+{% if kolla_enable_tls_external | bool and kolla_external_fqdn_cacert %}
+export OS_CACERT={{ kolla_external_fqdn_cacert }}
+{% endif %}