From 9dc2b019a21a31485632a5882ecf5ac5f34ef0f7 Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@osism.tech>
Date: Fri, 8 Sep 2023 18:13:44 +0200
Subject: [PATCH] senlin: add missing cafile parameter

The cafile parameter in the authentication section is required
in the senlin.conf configuration file when working with
self-signed certificates.

Change-Id: I3cd43cc7f43782a6c1d701a3e5b977bbc42e3719
---
 ansible/roles/senlin/templates/senlin.conf.j2              | 1 +
 .../senlin-authentication-cafile-4fe5e2f79769c872.yaml     | 7 +++++++
 2 files changed, 8 insertions(+)
 create mode 100644 releasenotes/notes/senlin-authentication-cafile-4fe5e2f79769c872.yaml

diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2
index 8d5e7465c..0af30c982 100644
--- a/ansible/roles/senlin/templates/senlin.conf.j2
+++ b/ansible/roles/senlin/templates/senlin.conf.j2
@@ -14,6 +14,7 @@ workers = {{ senlin_api_workers }}
 
 [authentication]
 auth_url = {{ keystone_internal_url }}
+cafile = {{ openstack_cacert }}
 service_username = {{ senlin_keystone_user }}
 service_password = {{ senlin_keystone_password }}
 service_project_name = service
diff --git a/releasenotes/notes/senlin-authentication-cafile-4fe5e2f79769c872.yaml b/releasenotes/notes/senlin-authentication-cafile-4fe5e2f79769c872.yaml
new file mode 100644
index 000000000..54dfa7b3f
--- /dev/null
+++ b/releasenotes/notes/senlin-authentication-cafile-4fe5e2f79769c872.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    In the configuration template of the Senlin service the ``cafile``
+    parameter is now set by default in the ``authentication`` section.
+    This way the use of self-signed certificates on the internal Keystone
+    endpoint is also usable in the Senlin service.
-- 
GitLab