diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml index 0cf58eef..49cbb4c4 100644 --- a/tasks/ironic_post_install.yml +++ b/tasks/ironic_post_install.yml @@ -15,7 +15,7 @@ - name: Post swift tempURL secret key command: > - {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} + {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }} --os-username "service:{{ glance_service_user_name }}" --os-password "{{ glance_service_password }}" --os-auth-url {{ keystone_service_internalurl }} @@ -32,7 +32,7 @@ - name: Get swift account shell: > - {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} + {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }} --os-username "service:{{ glance_service_user_name }}" --os-password "{{ glance_service_password }}" --os-auth-url {{ keystone_service_internalurl }} diff --git a/vars/debian.yml b/vars/debian.yml index 62b3cfd3..48ecf4fc 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -98,3 +98,5 @@ ironic_inspector_library_modules_paths: ironic_nginx_conf_path: "sites-available" ironic_grub_dir: "/tftpboot/grub" + +_ironic_ssl_truststore_location: /etc/ssl/certs/ca-certificates.crt diff --git a/vars/redhat.yml b/vars/redhat.yml index a4885850..18994763 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -85,3 +85,5 @@ ironic_inspector_library_modules_paths: ironic_nginx_conf_path: "conf.d" ironic_grub_dir: "/tftpboot/EFI/{{ ansible_facts['distribution'] | lower }}" + +_ironic_ssl_truststore_location: /etc/pki/tls/certs/ca-bundle.crt