From d48b4a3a4e5d0b80c3644844e0f1c8e3806c78d6 Mon Sep 17 00:00:00 2001
From: Julien Danjou <julien@danjou.info>
Date: Thu, 31 Oct 2013 11:27:03 +0100
Subject: [PATCH] Add an insecure option for Keystone client

Change-Id: I05cea4c79ad89d2c55008ea0d7ba9eefa5908fa2
Closes-Bug: #1232437
---
 ceilometer/central/manager.py         | 3 ++-
 ceilometer/service.py                 | 4 ++++
 etc/ceilometer/ceilometer.conf.sample | 5 +++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ceilometer/central/manager.py b/ceilometer/central/manager.py
index 782b3a21..fae1298c 100644
--- a/ceilometer/central/manager.py
+++ b/ceilometer/central/manager.py
@@ -73,7 +73,8 @@ class AgentManager(agent.AgentManager):
             tenant_name=cfg.CONF.service_credentials.os_tenant_name,
             cacert=cfg.CONF.service_credentials.os_cacert,
             auth_url=cfg.CONF.service_credentials.os_auth_url,
-            region_name=cfg.CONF.service_credentials.os_region_name)
+            region_name=cfg.CONF.service_credentials.os_region_name,
+            insecure=cfg.CONF.service_credentials.insecure)
 
         super(AgentManager, self).interval_task(task)
 
diff --git a/ceilometer/service.py b/ceilometer/service.py
index 43754760..9cb51a7e 100644
--- a/ceilometer/service.py
+++ b/ceilometer/service.py
@@ -73,6 +73,10 @@ CLI_OPTIONS = [
                default=os.environ.get('OS_ENDPOINT_TYPE', 'publicURL'),
                help='Type of endpoint in Identity service catalog to use for '
                     'communication with OpenStack services.'),
+    cfg.BoolOpt('insecure',
+                default=False,
+                help='Does not perform X.509 certificate validation when'
+                     'establishing SSL connection with identity service.'),
 ]
 cfg.CONF.register_cli_opts(CLI_OPTIONS, group="service_credentials")
 
diff --git a/etc/ceilometer/ceilometer.conf.sample b/etc/ceilometer/ceilometer.conf.sample
index c8bbb2d7..f312a31a 100644
--- a/etc/ceilometer/ceilometer.conf.sample
+++ b/etc/ceilometer/ceilometer.conf.sample
@@ -709,6 +709,11 @@
 # communication with OpenStack services. (string value)
 #os_endpoint_type=publicURL
 
+# Does not perform X.509 certificate validation
+# whenestablishing SSL connection with identity service.
+# (boolean value)
+#insecure=false
+
 
 [dispatcher_file]