Most OpenStack API communication uses the cafile option in the service_credentials config. For swift the client is created differently, and does not get this option. When TLS is used, we may get an error like the following:
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager Traceback (most recent call last):
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/ceilometer/polling/manager.py", line 187, in poll_and_notify
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager for sample in samples:
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/ceilometer/objectstore/swift.py", line 113, in get_samples
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager cache, tenants):
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/ceilometer/objectstore/swift.py", line 80, in _iter_accounts
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager ksclient, tenants))
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/ceilometer/objectstore/swift.py", line 94, in _get_account_info
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager keystone_client.get_auth_token(ksclient)))
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/swiftclient/client.py", line 857, in head_account
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager conn.request(method, parsed.path, '', req_headers)
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/swiftclient/client.py", line 460, in request
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager files=files, **self.requests_args)
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/swiftclient/client.py", line 443, in _request
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager return self.request_session.request(*arg, **kwarg)
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager resp = self.send(prep, **send_kwargs)
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager r = adapter.send(request, **kwargs)
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager File "/var/lib/kolla/venv/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager raise SSLError(e, request=request)
2021-08-20 12:38:03.447 34 ERROR ceilometer.polling.manager requests.exceptions.SSLError: HTTPSConnectionPool(host='1.2.3.4', port=443): Max retries exceeded with url: /swift/v1/AUTH_XXXX (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
This issue was fixed in the openstack/ ceilometer 17.0.0.0rc1 release candidate.