Fix Barbican client (Castellan) with TLS (part 2)

This patch is a continuation of I6a174468bd91d214c08477b93c88032a45c137be for the nova-cell role, which was missed. The Castellan (Barbican client) has different parameters to control the used CA file. This patch uses them. Moreover, this aligns Barbican with other services by defaulting its client config to the internal endpoint. See also [1]. [1] https://bugs.launchpad.net/castellan/+bug/1876102 Closes-Bug: #1886615 Change-Id: I056f3eebcf87bcbaaf89fdd0dc1f46d143db7785

Fix Barbican client (Castellan) with TLS (part 2)
97e26b49 · Mark Goddard · fb9bdcb5 · 97e26b49
Commit 97e26b49 authored 4 years ago by Mark Goddard
--- a/ansible/roles/nova-cell/templates/nova.conf.j2
+++ b/ansible/roles/nova-cell/templates/nova.conf.j2
@@ -222,7 +222,8 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
-cafile = {{ openstack_cacert }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
 {% endif %}

 # Cell specific settings from DevStack: