Adding support for an SSL certificate signed by the OpenStack cluster

roles/openshift_cloud_provider/defaults/main.yml

@@ -3,3 +3,4 @@ openshift_gcp_project: ''
 openshift_gcp_prefix: ''
 openshift_gcp_network_name: "{{ openshift_gcp_prefix }}network"
 openshift_gcp_multizone: False
+openshift_openstack_ca_file_path: '/etc/origin/cloudprovider/openstack.crt'

roles/openshift_cloud_provider/tasks/openstack.yml

@@ -1,4 +1,10 @@
 ---
+- name: Copy cloud CA certificate
+  copy:
+    content: "{{ openshift_cloudprovider_openstack_ca_file }}"
+    dest: "{{ openshift_openstack_ca_file_path }}"
+  when: openshift_cloudprovider_openstack_ca_file is defined
+
 - name: Create cloud config
   template:
     dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf"

roles/openshift_cloud_provider/templates/openstack.conf.j2

@@ -15,6 +15,9 @@ tenant-name = {{ openshift_cloudprovider_openstack_tenant_name }}
 {% if openshift_cloudprovider_openstack_region is defined %}
 region = {{ openshift_cloudprovider_openstack_region }}
 {% endif %}
+{% if openshift_cloudprovider_openstack_ca_file is defined %}
+ca-file = {{ openshift_openstack_ca_file_path }}
+{% endif %}
 {% if openshift_cloudprovider_openstack_lb_subnet_id is defined %}
 [LoadBalancer]
 subnet-id = {{ openshift_cloudprovider_openstack_lb_subnet_id }}
@@ -22,4 +25,4 @@ subnet-id = {{ openshift_cloudprovider_openstack_lb_subnet_id }}
 {% if openshift_cloudprovider_openstack_blockstorage_version is defined %}
 [BlockStorage]
 bs-version={{ openshift_cloudprovider_openstack_blockstorage_version }}
-{% endif %}
+{% endif %}