Merge "OpenStack HTTPS Endpoints support"
diff --git a/ironic/files/newton/ironic.conf b/ironic/files/newton/ironic.conf
index c68c59e..2d1b554 100644
--- a/ironic/files/newton/ironic.conf
+++ b/ironic/files/newton/ironic.conf
@@ -1189,6 +1189,9 @@
# Authentication URL (string value)
{%- if conductor.get('glance', {}).get('auth_strategy') == 'keystone' %}
auth_url = {{ conductor.identity.protocol }}://{{ conductor.identity.host }}:{{ conductor.identity.port }}/identity
+{%- if conductor.identity.protocol == 'https' %}
+cafile={{ conductor.identity.get('cacert_file', conductor.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_url = <None>
{%- endif %}
@@ -1762,6 +1765,9 @@
# Authentication URL (string value)
{%- if ironic.get('identity', {}).get('engine') == 'keystone' %}
auth_url = {{ ironic.identity.protocol }}://{{ ironic.identity.host }}:{{ ironic.identity.port }}/identity
+{%- if ironic.identity.protocol == 'https' %}
+cafile={{ ironic.identity.get('cacert_file', ironic.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_uri = <None>
{%- endif %}
@@ -2226,6 +2232,9 @@
# Authentication URL (string value)
{%- if conductor.get('neutron', {}).get('auth_strategy') == 'keystone' %}
auth_url = {{ conductor.identity.protocol }}://{{ conductor.identity.host }}:{{ conductor.identity.port }}/identity
+{%- if conductor.identity.protocol == 'https' %}
+cafile={{ conductor.identity.get('cacert_file', conductor.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_url = <None>
{%- endif %}
@@ -3353,6 +3362,9 @@
# Authentication URL (string value)
{%- if ironic.get('identity', {}).get('engine') == 'keystone' %}
auth_url = {{ ironic.identity.protocol }}://{{ ironic.identity.host }}:{{ ironic.identity.port }}/identity
+{%- if ironic.identity.protocol == 'https' %}
+cafile={{ ironic.identity.get('cacert_file', ironic.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_url = <None>
{%- endif %}
diff --git a/ironic/files/ocata/ironic.conf b/ironic/files/ocata/ironic.conf
index 672c413..a701d2a 100644
--- a/ironic/files/ocata/ironic.conf
+++ b/ironic/files/ocata/ironic.conf
@@ -1491,6 +1491,9 @@
# Authentication URL (string value)
{%- if conductor.get('glance', {}).get('auth_strategy') == 'keystone' %}
auth_url = {{ conductor.identity.protocol }}://{{ conductor.identity.host }}:{{ conductor.identity.port }}/identity
+{%- if conductor.identity.protocol == 'https' %}
+cafile={{ conductor.identity.get('cacert_file', conductor.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_url = <None>
{%- endif %}
@@ -2063,6 +2066,9 @@
# Authentication URL (string value)
{%- if ironic.get('identity', {}).get('engine') == 'keystone' %}
auth_url = {{ ironic.identity.protocol }}://{{ ironic.identity.host }}:{{ ironic.identity.port }}/identity
+{%- if ironic.identity.protocol == 'https' %}
+cafile={{ ironic.identity.get('cacert_file', ironic.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_uri = <None>
{%- endif %}
@@ -2527,6 +2533,9 @@
# Authentication URL (string value)
{%- if conductor.get('neutron', {}).get('auth_strategy') == 'keystone' %}
auth_url = {{ conductor.identity.protocol }}://{{ conductor.identity.host }}:{{ conductor.identity.port }}/identity
+{%- if conductor.identity.protocol == 'https' %}
+cafile={{ conductor.identity.get('cacert_file', conductor.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_url = <None>
{%- endif %}
@@ -3685,6 +3694,9 @@
# Authentication URL (string value)
{%- if ironic.get('identity', {}).get('engine') == 'keystone' %}
auth_url = {{ ironic.identity.protocol }}://{{ ironic.identity.host }}:{{ ironic.identity.port }}/identity
+{%- if ironic.identity.protocol == 'https' %}
+cafile={{ ironic.identity.get('cacert_file', ironic.cacert_file) }}
+{%- endif %}
{%- else %}
#auth_url = <None>
{%- endif %}