Comment 5 for bug 1788138

It seems we have /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors defined globally and failing to catch up puppet config changes for Keystone IdM from the /var/lib/config-data/puppet-generated/keystone/etc/pki/ca-trust/source/anchors/ directory.

And this also falls into the bug subject area, i.e. how to bind mount /etc...: vs /var/lib/config-data/(puppet-generated?)/etc...: things.