group_vars: repo_all: Always build cryptography from source

cryptography may bundle openssl in the wheel and that causes symbol
conflicts if a different openssl is provided by the distribution.
As such, it's probably safer to re-build cryptography ourselves just
to be sure that the correct distro libraries are used. This has been
addressed in openstack-ansible-tests/test-vars.yaml
(https://review.openstack.org/#/c/486580/) to fix the CI tests but the
problem is also present on regular deployments so we set it in the
group_variables for the repo_all group of hosts so it's built from
source in the wheel repository.

Related-Bug: 1705521
Link: https://github.com/pyca/cryptography/issues/3804
Change-Id: I54ba3c1fa48a2f4c633930bc7e8cc65397f86659

group_vars/repo_all.yml

@@ -52,8 +52,16 @@ pip_lock_to_internal_repo: False
 # A pre-built wheel can be missing libvirt capabilities from the installed
 # version of libvirt-bin, leading to nova-compute failing to start.
 #
+# NOTE(hwoarang) cryptography may bundle openssl in the wheel and that
+# causes symbol conflicts if a different openssl is provided by the
+# distribution. As such, it's probably safer to re-build cryptography
+# ourselves just to be sure that the correct distro libraries are used
+# see https://github.com/pyca/cryptography/issues/3804
+# This keeps popping up every now and then so it might worth keeping this
+# around even if the upstream issue is resolved
 repo_build_pip_no_binary:
   - libvirt-python
+  - cryptography
 
 # Set the build tag and the repo version
 repo_build_release_tag: "{{ openstack_release }}"