Merge "[pike] Define cafile if ssl is enabled"
diff --git a/octavia/files/pike/octavia_api.conf b/octavia/files/pike/octavia_api.conf
index 9a70770..e5c05bd 100644
--- a/octavia/files/pike/octavia_api.conf
+++ b/octavia/files/pike/octavia_api.conf
@@ -994,7 +994,9 @@
# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
# Defaults to system CAs. (string value)
#cafile = <None>
-cafile =
+{%- if api.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ api.identity.get('cacert_file', api.cacert_file) }}
+{%- endif %}
# Verify HTTPS connections. (boolean value)
#insecure = false
@@ -2000,6 +2002,9 @@
# PEM encoded Certificate Authority to use when verifying HTTPs connections.
# (string value)
#cafile = <None>
+{%- if api.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ api.identity.get('cacert_file', api.cacert_file) }}
+{%- endif %}
# PEM encoded client certificate cert file (string value)
#certfile = <None>
diff --git a/octavia/files/pike/octavia_manager.conf b/octavia/files/pike/octavia_manager.conf
index 60e181c..d5c0ec3 100644
--- a/octavia/files/pike/octavia_manager.conf
+++ b/octavia/files/pike/octavia_manager.conf
@@ -1041,7 +1041,9 @@
# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
# Defaults to system CAs. (string value)
#cafile = <None>
-cafile =
+{%- if manager.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ manager.identity.get('cacert_file', manager.cacert_file) }}
+{%- endif %}
# Verify HTTPS connections. (boolean value)
#insecure = false
@@ -2047,6 +2049,9 @@
# PEM encoded Certificate Authority to use when verifying HTTPs connections.
# (string value)
#cafile = <None>
+{%- if manager.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ manager.identity.get('cacert_file', manager.cacert_file) }}
+{%- endif %}
# PEM encoded client certificate cert file (string value)
#certfile = <None>