Fix Barbican client (Castellan) with TLS (part 2)

This patch is a continuation of I6a174468bd91d214c08477b93c88032a45c137be for the nova-cell role, which was missed. The Castellan (Barbican client) has different parameters to control the used CA file. This patch uses them. Moreover, this aligns Barbican with other services by defaulting its client config to the internal endpoint. See also [1]. [1] https://bugs.launchpad.net/castellan/+bug/1876102 Closes-Bug: #1886615 Change-Id: I056f3eebcf87bcbaaf89fdd0dc1f46d143db7785
2020-08-07 14:16:03 +01:00 · 2020-08-07 14:16:03 +01:00 · 97e26b49cd
commit 97e26b49cd
parent fb9bdcb59b
1 changed files with 2 additions and 1 deletions
--- a/ansible/roles/nova-cell/templates/nova.conf.j2
+++ b/ansible/roles/nova-cell/templates/nova.conf.j2
@ -222,7 +222,8 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
-cafile = {{ openstack_cacert }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
 {% endif %}

 # Cell specific settings from DevStack: