diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2
index d65e35d84f..fe826d6edc 100644
--- a/ansible/roles/aodh/templates/aodh.conf.j2
+++ b/ansible/roles/aodh/templates/aodh.conf.j2
@@ -25,7 +25,7 @@ username = {{ aodh_keystone_user }}
 password = {{ aodh_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [oslo_middleware]
 enable_proxy_headers_parsing = True
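Review bot: `cafile = {{ openstack_cacert }}` now dereferences the variable with no fallback, so every template in this commit renders only if `openstack_cacert` is always defined; its default is not visible in this diff and should be confirmed. When the variable is defined but empty, the line renders as `cafile =`, which presumably leaves the client on the system trust store, but nothing near the setting says so. The same applies to the `ca_file`, `glance_ca_certificates_file`, `auth_ca_cert`, `ca_certificates_file` and `certificateAuthorities` lines changed in the other files. Consider documenting this where the variable is defined, for example `# Path to a CA bundle inside the containers; empty means use the system trust store`.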
@@ -45,7 +45,7 @@ project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
 auth_type = password
 interface = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2
index 306f2eab9a..89036675b0 100644
--- a/ansible/roles/barbican/templates/barbican.conf.j2
+++ b/ansible/roles/barbican/templates/barbican.conf.j2
@@ -59,7 +59,7 @@ username = {{ barbican_keystone_user }}
 password = {{ barbican_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2
index d6c6dcccd3..275e5d4dbc 100644
--- a/ansible/roles/blazar/templates/blazar.conf.j2
+++ b/ansible/roles/blazar/templates/blazar.conf.j2
@@ -32,7 +32,7 @@ project_name = service
 username = {{ blazar_keystone_user }}
 password = {{ blazar_keystone_password }}
 service_token_roles_required = True
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 b/ansible/roles/ceilometer/templates/ceilometer.conf.j2
index 58fd80301d..9bb25ffdc2 100644
--- a/ansible/roles/ceilometer/templates/ceilometer.conf.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer.conf.j2
@@ -21,7 +21,7 @@ project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
 auth_type = password
 interface = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 {% if nova_compute_virt_type == 'vmware' %}
 [vmware]
diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 85ac60d832..1c810d810d 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -17,7 +17,7 @@ glance_api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_add
 
 glance_num_retries = {{ groups['glance-api'] | length }}
 glance_api_version = 2
-glance_ca_certificates_file = {{ openstack_cacert | default(omit) }}
+glance_ca_certificates_file = {{ openstack_cacert }}
 
 os_region_name = {{ openstack_region_name }}
 
@@ -87,7 +87,7 @@ region_name = {{ openstack_region_name }}
 project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [database]
 connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_password }}@{{ cinder_database_address }}/{{ cinder_database_name }}
@@ -102,7 +102,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ cinder_keystone_user }}
 password = {{ cinder_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
index 1bfbde4c0c..2f377a681e 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
@@ -24,7 +24,7 @@ project_name = service
 username = {{ cloudkitty_keystone_user }}
 password = {{ cloudkitty_keystone_password }}
 region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2
index 4d2f027668..78858d7783 100644
--- a/ansible/roles/congress/templates/congress.conf.j2
+++ b/ansible/roles/congress/templates/congress.conf.j2
@@ -37,7 +37,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ congress_keystone_user }}
 password = {{ congress_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/cyborg/templates/cyborg.conf.j2 b/ansible/roles/cyborg/templates/cyborg.conf.j2
index 48fd9b56ae..e2014e4c61 100644
--- a/ansible/roles/cyborg/templates/cyborg.conf.j2
+++ b/ansible/roles/cyborg/templates/cyborg.conf.j2
@@ -25,7 +25,7 @@ username = {{ cyborg_keystone_user }}
 password = {{ cyborg_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 {% if cyborg_policy_file is defined %}
 [oslo_policy]
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
index 617e2abd2e..a2283029e9 100644
--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -29,7 +29,7 @@ username = {{ designate_keystone_user }}
 password = {{ designate_keystone_password }}
 http_connect_timeout = 60
 service_token_roles_required = True
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/freezer/templates/freezer.conf.j2 b/ansible/roles/freezer/templates/freezer.conf.j2
index 0716d8020d..57b2825427 100644
--- a/ansible/roles/freezer/templates/freezer.conf.j2
+++ b/ansible/roles/freezer/templates/freezer.conf.j2
@@ -30,7 +30,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ freezer_keystone_user }}
 password = {{ freezer_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index ab281df6d6..296ba757d1 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -39,7 +39,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ glance_keystone_user }}
 password = {{ glance_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/glance/templates/glance-swift.conf.j2 b/ansible/roles/glance/templates/glance-swift.conf.j2
index ee836fe00a..246958c9b6 100644
--- a/ansible/roles/glance/templates/glance-swift.conf.j2
+++ b/ansible/roles/glance/templates/glance-swift.conf.j2
@@ -5,4 +5,4 @@ user = service:{{ glance_keystone_user }}
 key = {{ glance_keystone_password }}
 project_domain_id = default
 user_domain_id = default
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
index 3be0e95763..8af10d9afe 100644
--- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
@@ -51,7 +51,7 @@ username = {{ gnocchi_keystone_user }}
 password = {{ gnocchi_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index 9e8ed436cd..a2e7dcf3a2 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -49,7 +49,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ heat_keystone_user }}
 password = {{ heat_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -89,7 +89,7 @@ policy_file = {{ heat_policy_file }}
 
 [clients]
 endpoint_type = internalURL
-ca_file = {{ openstack_cacert | default(omit) }}
+ca_file = {{ openstack_cacert }}
 
 [oslo_middleware]
 enable_proxy_headers_parsing = True
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index fb11fab366..4019e4b77c 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -22,7 +22,7 @@ project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
 os_endpoint_type = internalURL
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% else %}
 auth_type = none
 endpoint_override = {{ ironic_internal_endpoint }}
@@ -38,7 +38,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 9b8f563472..531dede028 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -63,7 +63,7 @@ username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -81,7 +81,7 @@ username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 {% if enable_glance | bool %}
@@ -95,7 +95,7 @@ username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 {% if enable_neutron | bool %}
@@ -110,7 +110,7 @@ password = {{ ironic_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
 cleaning_network = {{ ironic_cleaning_network }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 {% if enable_nova | bool %}
@@ -124,7 +124,7 @@ username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 [inspector]
@@ -138,7 +138,7 @@ username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% else %}
 auth_type = none
 endpoint_override = {{ ironic_inspector_internal_endpoint }}
@@ -155,7 +155,7 @@ username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% else %}
 auth_type = none
 endpoint_override = {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}
diff --git a/ansible/roles/karbor/templates/karbor.conf.j2 b/ansible/roles/karbor/templates/karbor.conf.j2
index e996f0e8b6..643b9da3c0 100644
--- a/ansible/roles/karbor/templates/karbor.conf.j2
+++ b/ansible/roles/karbor/templates/karbor.conf.j2
@@ -19,7 +19,7 @@ username = {{ karbor_keystone_user }}
 password = {{ karbor_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [clients_keystone]
 auth_uri = {{ keystone_internal_url }}
@@ -40,7 +40,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ karbor_keystone_user }}
 password = {{ karbor_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/kibana/templates/kibana.yml.j2 b/ansible/roles/kibana/templates/kibana.yml.j2
index bf5f08012d..bf0043a700 100644
--- a/ansible/roles/kibana/templates/kibana.yml.j2
+++ b/ansible/roles/kibana/templates/kibana.yml.j2
@@ -6,4 +6,4 @@ elasticsearch.url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_addre
 elasticsearch.requestTimeout: {{ kibana_elasticsearch_request_timeout }}
 elasticsearch.shardTimeout: {{ kibana_elasticsearch_shard_timeout }}
 elasticsearch.ssl.verificationMode: "{{ 'full' if kibana_elasticsearch_ssl_verify | bool else 'none' }}"
-elasticsearch.ssl.certificateAuthorities: {{ openstack_cacert | default(omit) }}
+elasticsearch.ssl.certificateAuthorities: {{ openstack_cacert }}
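Review bot: `elasticsearch.ssl.certificateAuthorities: {{ openstack_cacert }}` is emitted unquoted and unconditionally, so an empty `openstack_cacert` renders a key with a null YAML value, unlike the quoted `verificationMode` line above it. Whether Kibana accepts a null here cannot be told from the diff; wrapping the line in `{% if openstack_cacert | length > 0 %}` … `{% endif %}` and quoting the value as `"{{ openstack_cacert }}"` would avoid depending on that. Note also that the line above can render `verificationMode: "none"`, in which case the CA setting has no effect on the connection.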
diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2
index 30027a2e63..56e7fc1344 100644
--- a/ansible/roles/kuryr/templates/kuryr.conf.j2
+++ b/ansible/roles/kuryr/templates/kuryr.conf.j2
@@ -21,7 +21,7 @@ project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
 password = {{ kuryr_keystone_password }}
 username = {{ kuryr_keystone_user }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 {% if kuryr_policy_file is defined %}
 [oslo_policy]
diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 772421742e..7e143d7ed8 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -65,7 +65,7 @@ user_domain_name = {{ default_user_domain_name }}
 project_name = service
 username = {{ magnum_keystone_user }}
 password = {{ magnum_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2
index 9c4c51d5e9..94c9edc218 100644
--- a/ansible/roles/manila/templates/manila-share.conf.j2
+++ b/ansible/roles/manila/templates/manila-share.conf.j2
@@ -16,7 +16,7 @@ endpoint_type = internalURL
 project_name = service
 username = cinder
 password = {{ cinder_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -33,7 +33,7 @@ endpoint_type = internalURL
 project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -51,7 +51,7 @@ endpoint_type = internalURL
 project_name = service
 username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2
index 9598560325..c316ccfcca 100644
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@@ -37,7 +37,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ manila_keystone_user }}
 password = {{ manila_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/masakari/templates/masakari-monitors.conf.j2 b/ansible/roles/masakari/templates/masakari-monitors.conf.j2
index 18009ddb80..39675e3a09 100644
--- a/ansible/roles/masakari/templates/masakari-monitors.conf.j2
+++ b/ansible/roles/masakari/templates/masakari-monitors.conf.j2
@@ -10,7 +10,7 @@ project_name = service
 project_domain_id = {{ default_project_domain_id }}
 username = {{ masakari_keystone_user }}
 password = {{ masakari_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 api_interface = internal
 
 [libvirt]
diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2
index eb4c512783..bba3704b3a 100644
--- a/ansible/roles/masakari/templates/masakari.conf.j2
+++ b/ansible/roles/masakari/templates/masakari.conf.j2
@@ -28,7 +28,7 @@ username = {{ masakari_keystone_user }}
 password = {{ masakari_keystone_password }}
 service_token_roles_required = True
 region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 {% if enable_memcached | bool %}
 memcache_security_strategy = ENCRYPT
diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2
index 1c758543d3..c99786e0f2 100644
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@@ -45,7 +45,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ mistral_keystone_user }}
 password = {{ mistral_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/monasca/templates/monasca-api/api.conf.j2 b/ansible/roles/monasca/templates/monasca-api/api.conf.j2
index 30491645ab..105ae7ac1d 100644
--- a/ansible/roles/monasca/templates/monasca-api/api.conf.j2
+++ b/ansible/roles/monasca/templates/monasca-api/api.conf.j2
@@ -36,7 +36,7 @@ project_name = service
 username = {{ monasca_keystone_user }}
 password = {{ monasca_keystone_password }}
 service_token_roles_required=True
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2 b/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2
index b303de5cbb..56946c8bdd 100644
--- a/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2
+++ b/ansible/roles/monasca/templates/monasca-log-api/log-api.conf.j2
@@ -36,7 +36,7 @@ project_name = service
 username = {{ monasca_keystone_user }}
 password = {{ monasca_keystone_password }}
 service_token_roles_required=True
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2
index 98831dc016..92e3a4cce4 100644
--- a/ansible/roles/murano/templates/murano.conf.j2
+++ b/ansible/roles/murano/templates/murano.conf.j2
@@ -27,7 +27,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ murano_keystone_user }}
 password = {{ murano_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -42,7 +42,7 @@ user_domain_name = {{ default_user_domain_name }}
 project_name = service
 username = {{ murano_keystone_user }}
 password = {{ murano_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [murano]
 url = {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ murano_api_port }}
@@ -80,22 +80,22 @@ auth_url = {{ keystone_internal_url }}/v3
 username = {{ murano_keystone_user }}
 password = {{ murano_keystone_password }}
 user_domain_name = {{ default_project_domain_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 {% endif %}
 
 [neutron]
 endpoint_type = internalURL
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [heat]
 endpoint_type = internalURL
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [glance]
 endpoint_type = internalURL
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [mistral]
 endpoint_type = internalURL
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
diff --git a/ansible/roles/neutron/templates/metadata_agent.ini.j2 b/ansible/roles/neutron/templates/metadata_agent.ini.j2
index 0b1a34dd65..cdee21fcbb 100644
--- a/ansible/roles/neutron/templates/metadata_agent.ini.j2
+++ b/ansible/roles/neutron/templates/metadata_agent.ini.j2
@@ -1,6 +1,6 @@
 # metadata_agent.ini
 [DEFAULT]
-auth_ca_cert = {{ openstack_cacert | default(omit) }}
+auth_ca_cert = {{ openstack_cacert }}
 nova_metadata_host = {{ nova_internal_fqdn }}
 nova_metadata_port = {{ nova_metadata_port }}
 metadata_proxy_shared_secret = {{ metadata_secret }}
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 03a02132f1..1b9c01c9a4 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -84,7 +84,7 @@ project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
 endpoint_type = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [oslo_middleware]
 enable_proxy_headers_parsing = True
@@ -108,7 +108,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -151,7 +151,7 @@ password = {{ designate_keystone_password }}
 allow_reverse_dns_lookup = True
 ipv4_ptr_zone_prefix_size = 24
 ipv6_ptr_zone_prefix_size = 116
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 {% if enable_osprofiler | bool %}
@@ -172,7 +172,7 @@ project_name = service
 project_domain_name = {{ default_project_domain_name }}
 os_region_name = {{ openstack_region_name }}
 os_interface = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [privsep]
 helper_command=sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper
diff --git a/ansible/roles/nova-cell/templates/nova.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.j2
index f39c95ef61..025ee75a60 100644
--- a/ansible/roles/nova-cell/templates/nova.conf.j2
+++ b/ansible/roles/nova-cell/templates/nova.conf.j2
@@ -90,7 +90,7 @@ proxyclient_address = {{ api_interface_address }}
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 auth_url = {{ openstack_auth.auth_url }}/v3
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 auth_type = password
 project_name = service
 user_domain_name = {{ default_user_domain_name }}
@@ -104,14 +104,14 @@ lock_path = /var/lib/nova/tmp
 
 [glance]
 api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 num_retries = 3
 
 {% if enable_cinder | bool %}
 [cinder]
 catalog_info = volumev3:cinderv3:internalURL
 os_region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 [neutron]
@@ -122,7 +122,7 @@ ovs_bridge = {{ ovs_bridge }}
 {% endif %}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 project_domain_name = {{ default_project_domain_name }}
 user_domain_id = {{ default_user_domain_id }}
 project_name = service
@@ -188,7 +188,7 @@ helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --confi
 
 [glance]
 debug = {{ nova_logging_debug }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [guestfs]
 debug = {{ nova_logging_debug }}
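Review bot: This `[glance]` header with its own `cafile` repeats the `[glance]` section and `cafile` key already set in the earlier hunk of this template (around line 105). Unless the two sit in mutually exclusive Jinja branches, which the hunk does not show, the rendered file carries a duplicate section and a duplicate key, and the effective value depends on how the parser merges them. Consider moving `debug = {{ nova_logging_debug }}` into the first `[glance]` block and dropping the second `cafile` line.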
@@ -202,7 +202,7 @@ user_domain_name = {{ default_user_domain_name }}
 project_name = service
 project_domain_name = {{ default_project_domain_name }}
 region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 valid_interfaces = internal
 
 [notifications]
@@ -227,7 +227,7 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 {% if nova_compute_virt_type == "xenapi" %}
diff --git a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
index 7a2dc9f51a..260b0774c6 100644
--- a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
+++ b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
@@ -29,11 +29,11 @@ password = {{ placement_keystone_password }}
 project_domain_name = {{ default_project_domain_name }}
 user_domain_name = {{ default_user_domain_name }}
 os_region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [glance]
 api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 
 [hyperv]
@@ -59,7 +59,7 @@ username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
 auth_url = {{ keystone_admin_url }}/v3
 auth_type = v3password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index d3e21781c7..7df8eb5956 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -59,7 +59,7 @@ lock_path = /var/lib/nova/tmp
 
 [glance]
 api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 num_retries = {{ groups['glance-api'] | length }}
 debug = {{ nova_logging_debug }}
 
@@ -74,7 +74,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ cinder_keystone_user }}
 password = {{ cinder_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
 
 [neutron]
@@ -92,7 +92,7 @@ username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
 region_name = {{ openstack_region_name }}
 valid_interfaces = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [database]
 connection = mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}
@@ -119,7 +119,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -170,7 +170,7 @@ user_domain_name = {{ default_user_domain_name }}
 project_name = service
 project_domain_name = {{ default_project_domain_name }}
 region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 valid_interfaces = internal
 
 [notifications]
@@ -195,5 +195,5 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 {% endif %}
diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
index 48bb231eb9..90d58135c7 100644
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -44,7 +44,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ octavia_keystone_user }}
 password = {{ octavia_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -84,14 +84,14 @@ policy_file = {{ octavia_policy_file }}
 [glance]
 region_name = {{ openstack_region_name }}
 endpoint_type = internal
-ca_certificates_file ==  {{ openstack_cacert | default(omit) }}
+ca_certificates_file ==  {{ openstack_cacert }}
 
 [neutron]
 region_name = {{ openstack_region_name }}
 endpoint_type = internal
-ca_certificates_file ==  {{ openstack_cacert | default(omit) }}
+ca_certificates_file ==  {{ openstack_cacert }}
 
 [nova]
 region_name = {{ openstack_region_name }}
 endpoint_type = internal
-ca_certificates_file ==  {{ openstack_cacert | default(omit) }}
+ca_certificates_file ==  {{ openstack_cacert }}
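Review bot: The three `ca_certificates_file ==  {{ openstack_cacert }}` lines under `[glance]`, `[neutron]` and `[nova]` keep the doubled `=` from the old side. A parser that splits on the first delimiter would read the value as `=  <path>`, which is not a usable CA bundle path, so TLS verification towards those services would likely fail or not use the intended CA. Write each of them as `ca_certificates_file = {{ openstack_cacert }}`.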
diff --git a/ansible/roles/panko/templates/panko.conf.j2 b/ansible/roles/panko/templates/panko.conf.j2
index 29544fba49..7cf2fe8635 100644
--- a/ansible/roles/panko/templates/panko.conf.j2
+++ b/ansible/roles/panko/templates/panko.conf.j2
@@ -25,7 +25,7 @@ username = {{ panko_keystone_user }}
 password = {{ panko_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/placement/templates/placement.conf.j2 b/ansible/roles/placement/templates/placement.conf.j2
index 300329c09a..3f4947d287 100644
--- a/ansible/roles/placement/templates/placement.conf.j2
+++ b/ansible/roles/placement/templates/placement.conf.j2
@@ -42,7 +42,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/qinling/templates/qinling.conf.j2 b/ansible/roles/qinling/templates/qinling.conf.j2
index f22917bc93..679804167f 100644
--- a/ansible/roles/qinling/templates/qinling.conf.j2
+++ b/ansible/roles/qinling/templates/qinling.conf.j2
@@ -28,7 +28,7 @@ project_name = service
 username = {{ qinling_keystone_user }}
 password = {{ qinling_keystone_password }}
 region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2
index 5f1baa8144..616a39474c 100644
--- a/ansible/roles/sahara/templates/sahara.conf.j2
+++ b/ansible/roles/sahara/templates/sahara.conf.j2
@@ -21,7 +21,7 @@ project_name = service
 project_domain_name = {{ default_project_domain_name }}
 username = {{ sahara_keystone_user }}
 password = {{ sahara_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -52,4 +52,4 @@ user_domain_name = {{ default_user_domain_name }}
 username = {{ sahara_keystone_user }}
 password = {{ sahara_keystone_password }}
 auth_url = {{ keystone_admin_url }}/v3
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
diff --git a/ansible/roles/searchlight/templates/searchlight.conf.j2 b/ansible/roles/searchlight/templates/searchlight.conf.j2
index 4a22f8a3e1..59c14d96b5 100644
--- a/ansible/roles/searchlight/templates/searchlight.conf.j2
+++ b/ansible/roles/searchlight/templates/searchlight.conf.j2
@@ -29,7 +29,7 @@ user_domain_name = {{ default_user_domain_name }}
 username = {{ searchlight_keystone_user }}
 password = {{ searchlight_keystone_password }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -61,7 +61,7 @@ username = {{ searchlight_keystone_user }}
 password = {{ searchlight_keystone_password }}
 auth_type = password
 auth_plugin = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2
index a3c689c34b..3fc59d3fb0 100644
--- a/ansible/roles/senlin/templates/senlin.conf.j2
+++ b/ansible/roles/senlin/templates/senlin.conf.j2
@@ -49,7 +49,7 @@ project_name = service
 username = {{ senlin_keystone_user }}
 password = {{ senlin_keystone_password }}
 service_token_roles_required = False
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2
index 71f7373ad9..33dda508dc 100644
--- a/ansible/roles/solum/templates/solum.conf.j2
+++ b/ansible/roles/solum/templates/solum.conf.j2
@@ -51,7 +51,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ solum_keystone_user }}
 password = {{ solum_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2
index e7b2c42f2b..280ae890aa 100644
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@@ -44,7 +44,7 @@ project_name = service
 username = {{ swift_keystone_user }}
 password = {{ swift_keystone_password }}
 delay_auth_decision = {{ swift_delay_auth_decision }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2
index 4267564817..10c4c17435 100644
--- a/ansible/roles/tacker/templates/tacker.conf.j2
+++ b/ansible/roles/tacker/templates/tacker.conf.j2
@@ -38,7 +38,7 @@ user_domain_name = {{ default_user_domain_id }}
 project_name = service
 username = {{ tacker_keystone_user }}
 password = {{ tacker_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/telegraf/templates/telegraf.conf.j2 b/ansible/roles/telegraf/templates/telegraf.conf.j2
index 2a406ebb4e..a5c3185d07 100644
--- a/ansible/roles/telegraf/templates/telegraf.conf.j2
+++ b/ansible/roles/telegraf/templates/telegraf.conf.j2
@@ -19,7 +19,7 @@
   retention_policy = "autogen"
   write_consistency = "any"
   timeout = "5s"
-  tls_ca = {{ openstack_cacert | default(omit) }}
+  tls_ca = {{ openstack_cacert }}
 {% endfor %}
 {% endif %}
 [[inputs.cpu]]
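Review bot: The new `tls_ca = {{ openstack_cacert }}` line renders an unquoted value, while the neighbouring settings in this block are quoted strings (`"autogen"`, `"any"`, `"5s"`). This file appears to be TOML, where a bare path is not a valid string and an empty variable leaves `tls_ca =` with no value, so the config would likely fail to parse. Suggest `tls_ca = "{{ openstack_cacert }}"`, ideally emitted only when the variable is non-empty. The enclosing `{% for %}` and `{% if %}` blocks start outside the hunk.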
diff --git a/ansible/roles/tempest/templates/tempest.conf.j2 b/ansible/roles/tempest/templates/tempest.conf.j2
index 90d7f691bd..c8e4632bcb 100644
--- a/ansible/roles/tempest/templates/tempest.conf.j2
+++ b/ansible/roles/tempest/templates/tempest.conf.j2
@@ -41,7 +41,7 @@ region = {{ openstack_region_name }}
 auth_version = v3
 uri = {{ keystone_admin_url }}/v2.0
 uri_v3 = {{ keystone_admin_url }}/v3
-ca_certificates_file = {{ openstack_cacert | default(omit) }}
+ca_certificates_file = {{ openstack_cacert }}
 
 [image]
 region = {{ openstack_region_name }}
diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2
index ef2fbe60a3..c35b24ee39 100644
--- a/ansible/roles/trove/templates/trove.conf.j2
+++ b/ansible/roles/trove/templates/trove.conf.j2
@@ -39,7 +39,7 @@ username = {{ trove_keystone_user }}
 password = {{ trove_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2
index 07c41707a6..fe25b29bd8 100644
--- a/ansible/roles/vitrage/templates/vitrage.conf.j2
+++ b/ansible/roles/vitrage/templates/vitrage.conf.j2
@@ -39,7 +39,7 @@ project_name = service
 username = {{ vitrage_keystone_user }}
 password = {{ vitrage_keystone_password }}
 service_token_roles_required = True
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -55,7 +55,7 @@ project_name = admin
 password = {{ vitrage_keystone_password }}
 username = {{ vitrage_keystone_user }}
 interface = internal
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2
index ed3ec2c68a..fc320f6df1 100644
--- a/ansible/roles/watcher/templates/watcher.conf.j2
+++ b/ansible/roles/watcher/templates/watcher.conf.j2
@@ -26,7 +26,7 @@ project_name = service
 username = {{ watcher_keystone_user }}
 password = {{ watcher_keystone_password }}
 service_token_roles_required = True
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -41,7 +41,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ watcher_keystone_user }}
 password = {{ watcher_keystone_password }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 [oslo_concurrency]
 lock_path = /var/lib/watcher/tmp
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index e3f8a7be33..e6cc023a38 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -38,7 +38,7 @@ username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
 service_token_roles_required = True
 region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 {% if enable_memcached | bool %}
 memcache_security_strategy = ENCRYPT
@@ -60,7 +60,7 @@ username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
 service_token_roles_required = True
 region_name = {{ openstack_region_name }}
-cafile = {{ openstack_cacert | default(omit) }}
+cafile = {{ openstack_cacert }}
 
 {% if enable_memcached | bool %}
 memcache_security_strategy = ENCRYPT