Description of problem: Update from 16.0 latest_cdn to 16.1 RHOS-16.1-RHEL-8-20200602.n.1 puddle:

Overcloud update converge fails on that task:


2020-06-02 23:46:45 | TASK [tripleo-keystone-resources : Create default domain] **********************
2020-06-02 23:46:45 | Tuesday 02 June 2020  23:46:43 +0000 (0:00:00.183)       0:25:03.385 **********
2020-06-02 23:46:45 | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/ipa/ca.crt
2020-06-02 23:46:45 | fatal: [undercloud]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 102, in <module>\n  File \"<stdin>\", line 94, in _ansiballz_main\n  File \"<stdin>\", line 40, in invoke_module\n  File \"/usr/lib64/python3.6/runpy.py\", line 205,in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_os_keystone_domain_payload_czd0_7yw/ansible_os_keystone_domain_payload.zip/ansible/modules/cloud/openstack/os_keystone_domain.py\", line 185, in <module>\n  File \"/tmp/ansible_os_keystone_domain_payload_czd0_7yw/ansible_os_keystone_domain_payload.zip/ansible/modules/cloud/openstack/os_keystone_domain.py\", line145, in main\n  File \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\", line 883, in search_domains\n    return self.list_domains(**filters)\n  File \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\", line 856, in list_domains\n    data = self._identity_client.get(\n  File \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\", line 32, in _identity_client\n    'identity', min_version=2, max_version='3.latest')\n  File \"/usr/lib/python3.6/site-packages/openstack/cloud/openstackcloud.py\", line 406, in _get_versioned_client\n    if adapter.get_endpoint():\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py\", line 282, in get_endpoint\n    return self.session.get_endpoint(auth or self.auth, **kwargs)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1200, in get_endpoint\n    return auth.get_endpoint(self, **kwargs)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line 380, in get_endpoint\n    allow_version_hack=allow_version_hack, **kwargs)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line 271, in get_endpoint_data\n    service_catalog = self.get_access(session).service_catalog\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line 134, in get_access\n    self.auth_ref = self.get_auth_ref(session)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\", line 206, in get_auth_ref\n    self._plugin = self._do_create_plugin(session)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\", line 138, in _do_create_plugin\n    authenticated=False)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line 610, in get_discovery\n    authenticated=authenticated)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 1442, in get_discovery\n    disc = Discover(session, url, authenticated=authenticated)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 526, in __init__\n    authenticated=authenticated)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 101, in get_version_data\n    resp = session.get(url, headers=headers, authenticated=authenticated)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1098, in get\n    return self.request(url, 'GET', **kwargs)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 888, in request\n    resp = send(**kwargs)\n  File \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 979, in _send_request\n    resp = self.session.request(method, url, **kwargs)\n  File \"/usr/lib/python3.6/site-packages/requests/sessions.py\", line 533, in request\n    resp = self.send(prep, **send_kwargs)\n  File \"/usr/lib/python3.6/site-packages/requests/sessions.py\", line 646, in send\n    r = adapter.send(request, **kwargs)\n  File \"/usr/lib/python3.6/site-packages/requests/adapters.py\", line 416, in send\n    self.cert_verify(conn, request.url, verify, cert)\n  File \"/usr/lib/python3.6/site-packages/requests/adapters.py\", line 228, in cert_verify\n    \"invalid path: {}\".format(cert_loc))\nOSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/ipa/ca.crt\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}