Fix ceilometer compute agent TLS and Region config

Add CAFile and Region template parameters to the compute agent
config generation, matching the central agent configuration.

Without CAFile, the compute agent's [service_credentials] section
lacks a cafile setting when TLS is enabled, causing Keystone SSL
verification failures. Without Region, compute agents in
multi-region deployments get no region_name configured.

Closes: OSPRH-27068

Author: jlarriba

internal/controller/ceilometer_controller.go

@@ -1397,6 +1397,7 @@ func (r *CeilometerReconciler) generateComputeServiceConfig(
 		"ceilometer_compute_image": instance.Spec.ComputeImage,
 		"ceilometer_ipmi_image":    instance.Spec.IpmiImage,
 		"TLS":                      false,
+		"Region":                   keystoneAPI.GetRegion(),
 	}
 
 	// Try to get Application Credential from the secret specified in the CR
@@ -1425,6 +1426,7 @@ func (r *CeilometerReconciler) generateComputeServiceConfig(
 		templateParameters["TLS"] = true
 		templateParameters["TlsCert"] = "/etc/ceilometer/tls/tls.crt"
 		templateParameters["TlsKey"] = "/etc/ceilometer/tls/tls.key"
+		templateParameters["CAFile"] = tls.DownstreamTLSCABundlePath
 	}
 
 	cms := []util.Template{

templates/ceilometercompute/config/ceilometer.conf

@@ -24,6 +24,9 @@ interface = internalURL
 {{ if (index . "Region") -}}
 region_name = {{ .Region }}
 {{ end -}}
+{{- if .TLS }}
+cafile = {{ .CAFile }}
+{{- end }}
 
 [compute]
 instance_discovery_method=libvirt_metadata