From b09526d494609a01d1afc00015c37bb63103a9b5 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@citynetwork.eu>
Date: Fri, 25 Nov 2022 10:56:59 +0100
Subject: [PATCH] Pass CA pass to Swift CLI

Swift requires CA path to be set either with OS_CACERT env var or with
simmilar flag passed to command.

Change-Id: I40e4a0ae0e702fdc9bfbb18dcc6ef1ea3f84926f
---
 tasks/ironic_post_install.yml | 4 ++--
 vars/debian.yml               | 2 ++
 vars/redhat.yml               | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml
index 0cf58eef..49cbb4c4 100644
--- a/tasks/ironic_post_install.yml
+++ b/tasks/ironic_post_install.yml
@@ -15,7 +15,7 @@
 
 - name: Post swift tempURL secret key
   command: >
-        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
+        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }}
         --os-username "service:{{ glance_service_user_name }}"
         --os-password "{{ glance_service_password }}"
         --os-auth-url {{ keystone_service_internalurl }}
@@ -32,7 +32,7 @@
 
 - name: Get swift account
   shell: >
-        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
+        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }}
         --os-username "service:{{ glance_service_user_name }}"
         --os-password "{{ glance_service_password }}"
         --os-auth-url {{ keystone_service_internalurl }}
diff --git a/vars/debian.yml b/vars/debian.yml
index 62b3cfd3..48ecf4fc 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -98,3 +98,5 @@ ironic_inspector_library_modules_paths:
 
 ironic_nginx_conf_path: "sites-available"
 ironic_grub_dir: "/tftpboot/grub"
+
+_ironic_ssl_truststore_location: /etc/ssl/certs/ca-certificates.crt
diff --git a/vars/redhat.yml b/vars/redhat.yml
index a4885850..18994763 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -85,3 +85,5 @@ ironic_inspector_library_modules_paths:
 
 ironic_nginx_conf_path: "conf.d"
 ironic_grub_dir: "/tftpboot/EFI/{{ ansible_facts['distribution'] | lower }}"
+
+_ironic_ssl_truststore_location: /etc/pki/tls/certs/ca-bundle.crt