Comment 3 for bug 1993575

Hey Adrien,

There are basically 2 ways of achieving your goal.

You will be able to understand them by looking here: https://opendev.org/openstack/ansible-role-pki/src/commit/9108a8953f9d216d4e65d86e794a33805d08c966/vars/main.yml#L26

1. Combination of openstack_host_ca_certificates + `condition` in user_variables.yml. Example:

openstack_host_ca_certificates:
  - src: /etc/openstack_deploy/pki/roots/custom-ca.crt
    name: custom-ca
    condition: "{{ inventory_hostname in groups['keystone_all'] }}"

2. (Available since Yoga) Using `pki_search_install_ca_pattern` to parse all ansible variables and find suitable ones. It's similar to the above method but allows you to spread CA certificate list over multiple variables. Example:

pki_install_ca_keystone:
  - src: /etc/openstack_deploy/pki/roots/custom-ca.crt
    name: custom-ca
    condition: "{{ inventory_hostname in groups['keystone_all'] }}"