From fc7546a2aed061f661fc4e975343f32a6fdc27d8 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Fri, 17 Jul 2020 18:57:21 +0000
Subject: [PATCH] Fix CA file for nova client

If a custom CA file is configured via nova_ca_certificates_file,
currently communication with Keystone will fail, since the session is
not created using this CA file. The same is true for nova_api_insecure.

This change fixes the issue by using a keystoneauth session loader.

Closes-Bug: #1873736

Change-Id: I54a4f398a06c61e0f6f8f3efd3e4b6214bca756b
(cherry picked from commit 3bd82c776c91bdd1caee474f3fc9cda18927da7f)
---
 masakari/compute/nova.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/masakari/compute/nova.py b/masakari/compute/nova.py
index 4df12939..df7e9f4d 100644
--- a/masakari/compute/nova.py
+++ b/masakari/compute/nova.py
@@ -21,7 +21,7 @@ import sys
 
 from keystoneauth1 import exceptions as keystone_exception
 import keystoneauth1.loading
-import keystoneauth1.session
+import keystoneauth1.loading.session
 from novaclient import api_versions
 from novaclient import client as nova_client
 from novaclient import exceptions as nova_exception
@@ -113,7 +113,10 @@ def novaclient(context, timeout=None):
         project_name=context.project_name,
         user_domain_name=CONF.os_user_domain_name,
         project_domain_name=CONF.os_project_domain_name)
-    keystone_session = keystoneauth1.session.Session(auth=auth)
+    session_loader = keystoneauth1.loading.session.Session()
+    keystone_session = session_loader.load_from_options(
+        auth=auth, cacert=CONF.nova_ca_certificates_file,
+        insecure=CONF.nova_api_insecure)
 
     client_obj = nova_client.Client(
         api_versions.APIVersion(NOVA_API_VERSION),