From ea1f0c084f7d74c70576c4bb1cde580a277b4654 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
Date: Thu, 24 Jun 2021 11:42:34 +0300
Subject: [PATCH] Add OS_CACERT env variable

Once internal CA is used, that is not part of default trust store,
we need to ensure that openstack clients will use system-trust instead
of the default one provided by certifi library.

Change-Id: Ibe6b59b497fa665b722b648a57cb5568b1b29b5f
---
 templates/openrc.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/openrc.j2 b/templates/openrc.j2
index 05d2409..8a2521c 100644
--- a/templates/openrc.j2
+++ b/templates/openrc.j2
@@ -47,4 +47,6 @@ alias openstack='openstack --insecure'
 alias swift='swift --insecure'
 alias tacker='tacker --insecure'
 alias manila='manila --insecure'
+{% else %}
+export OS_CACERT={{ (ansible_facts['os_family'] | lower == 'redhat') | ternary('/etc/pki/tls/certs/ca-bundle.crt', '/etc/ssl/certs/ca-certificates.crt') }}
 {% endif %}