Pass CA pass to Swift CLI

Swift requires CA path to be set either with OS_CACERT env var or with
simmilar flag passed to command.

Change-Id: I40e4a0ae0e702fdc9bfbb18dcc6ef1ea3f84926f

tasks/ironic_post_install.yml

@@ -15,7 +15,7 @@
 
 - name: Post swift tempURL secret key
   command: >
-        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
+        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }}
         --os-username "service:{{ glance_service_user_name }}"
         --os-password "{{ glance_service_password }}"
         --os-auth-url {{ keystone_service_internalurl }}
@@ -32,7 +32,7 @@
 
 - name: Get swift account
   shell: >
-        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
+        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }}
         --os-username "service:{{ glance_service_user_name }}"
         --os-password "{{ glance_service_password }}"
         --os-auth-url {{ keystone_service_internalurl }}

vars/debian.yml

@@ -98,3 +98,5 @@ ironic_inspector_library_modules_paths:
 
 ironic_nginx_conf_path: "sites-available"
 ironic_grub_dir: "/tftpboot/grub"
+
+_ironic_ssl_truststore_location: /etc/ssl/certs/ca-certificates.crt

vars/redhat.yml

@@ -85,3 +85,5 @@ ironic_inspector_library_modules_paths:
 
 ironic_nginx_conf_path: "conf.d"
 ironic_grub_dir: "/tftpboot/EFI/{{ ansible_facts['distribution'] | lower }}"
+
+_ironic_ssl_truststore_location: /etc/pki/tls/certs/ca-bundle.crt