Fix Barbican client (Castellan) with TLS

The Castellan (Barbican client) has different parameters to control
the used CA file.
This patch uses them.
Moreover, this aligns Barbican with other services by defaulting
its client config to the internal endpoint.

See also [1].

[1] https://bugs.launchpad.net/castellan/+bug/1876102

Closes-Bug: #1886615

Change-Id: I6a174468bd91d214c08477b93c88032a45c137be

ansible/roles/cinder/templates/cinder.conf.j2

@@ -206,6 +206,8 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
 {% endif %}
 
 [coordination]

ansible/roles/glance/templates/glance-api.conf.j2

@@ -124,3 +124,10 @@ trace_sqlalchemy = true
 hmac_keys = {{ osprofiler_secret }}
 connection_string = {{ osprofiler_backend_connection_string }}
 {% endif %}
+
+{% if enable_barbican | bool %}
+[barbican]
+auth_endpoint = {{ keystone_internal_url }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
+{% endif %}

ansible/roles/nova/templates/nova.conf.j2

@@ -196,5 +196,6 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
-cafile = {{ openstack_cacert }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
 {% endif %}

releasenotes/notes/bug-1886615-640e817dfdb93b8a.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fix Castellan (Barbican client) when used with enabled TLS.
+    `LP#1886615 <https://bugs.launchpad.net/kolla-ansible/+bug/1886615>`__