From b6c52323df2b6003a9d1cc145ace23919e436915 Mon Sep 17 00:00:00 2001
From: Pierre Riteau <pierre@stackhpc.com>
Date: Mon, 19 Dec 2022 22:24:14 +0100
Subject: [PATCH] cloudkitty: set cafile for fetcher_keystone

Without this setting, the keystone fetcher fails to authenticate when
using internal TLS with a local CA.

Closes-Bug: #2000097

Change-Id: Ia709f450c3e5b73e145e89a305cd038c05507dc6
---
 ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
index 30ddb21ad4..0e60271413 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
@@ -80,6 +80,7 @@ backend = {{ cloudkitty_fetcher_backend }}
 [fetcher_keystone]
 keystone_version = 3
 auth_section = keystone_authtoken
+cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
 {% endif %}