Install ssl_ca for volume service only scenarios

The CA information is necessary to talk to Keystone or Glance from the
Cinder volume service. This is a follow-up of the following change where
the Vault certificate relations is assumed but ssl_ca wasn't addressed
at that point.
I69f15c3fd164f7114f5498d100b2832caf93fb00

Closes-Bug: #1967302
Change-Id: I4d7b3721fe7dfd6f7cdfd364d8c5bc340d38c00f

hooks/cinder_hooks.py

@@ -18,6 +18,7 @@
 import os
 import sys
 import uuid
+from base64 import b64decode
 
 _path = os.path.dirname(os.path.realpath(__file__))
 _root = os.path.abspath(os.path.join(_path, '..'))
@@ -119,7 +120,10 @@ from charmhelpers.contrib.storage.linux.ceph import (
     delete_keyring,
 )
 
-from charmhelpers.contrib.hahelpers.apache import install_ca_cert
+from charmhelpers.contrib.hahelpers.apache import (
+    get_ca_cert,
+    install_ca_cert,
+)
 
 from charmhelpers.contrib.hahelpers.cluster import (
     is_clustered,
@@ -235,6 +239,11 @@ def config_changed():
     if service_enabled('api'):
         configure_https()
         open_port(config('api-listening-port'))
+    else:
+        # Install CA cert to communicate with Keystone and Glance
+        ca_cert = get_ca_cert()
+        if ca_cert:
+            install_ca_cert(b64decode(ca_cert))
     update_nrpe_config()
 
     for rid in relation_ids('cluster'):