Use system trust store as REQUESTS_CA_BUNDLE

m-bull · m-bull · commit f751774bbc00 · 2025-04-16T18:37:15.000+01:00
By default Python requests uses its own CA bundle rather
than the system trust store. As we optionally update
the system trust store with our own CA, force Python
requests to use the system trust store as its CA bundle.
diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml
@@ -115,6 +115,7 @@
               ACCESS_KEY: "{{ ec2.Access }}"
               SECRET_KEY: "{{ ec2.Secret }}"
               VIRTUAL_PORT: "{{ stackhpc_radosgw_usage_exporter_port | string }}"
+              REQUESTS_CA_BUNDLE: "/etc/ssl/certs/ca-certificates.crt"
             entrypoint: "{{ ['python', '-u', './radosgw_usage_exporter.py', '--insecure'] if not stackhpc_radosgw_usage_exporter_verify else omit }}"
           vars:
             ec2: "{{ credential.stdout | from_json | first }}"
