At the time of the identity-service-relation-changed hook failure, /etc/apache2/sites-enabled/openstack_https_frontend.conf hasn't been rendered since ApacheSSLContext won't render until there is certificate data on the relation.
At the time of the identity-service-relation-changed hook failure, we have:
After a lot of 'juju resolve --no-retry keystone/1' the relation-get started showing the certificate data and /etc/apache2/sites-enabled/openstack_https_frontend.conf was finally rendered as a result, and we see
$ netstat -dnlp | grep 353
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN -
tcp6 0 0 :::35337 :::* LISTEN -
tcp6 0 0 :::35347 :::* LISTEN -
tcp6 0 0 :::35357 :::* LISTEN -
At the time of the identity- service- relation- changed hook failure, /etc/apache2/ sites-enabled/ openstack_ https_frontend. conf hasn't been rendered since ApacheSSLContext won't render until there is certificate data on the relation.
At the time of the identity- service- relation- changed hook failure, we have:
$ juju exec --unit keystone/1 "relation-get -r certificates:245 - vault/0"
egress-subnets: 10.246.168.97/32
ingress-address: 10.246.168.97
private-address: 10.246.168.97
but show-unit shows the certificate data is available on the relation:
$ juju show-unit keystone/1 endpoint: certificates -data: {}
egress- subnets: 10.246.168.97/32
ingress- address: 10.246.168.97
keystone_ 1.processed_ requests: '{"eth2. juju-ee22b4- 4-lxd-7. nosilo. lab1.solutionsq a":
{" cert": certificate data snipped>
private- address: 10.246.168.97
- relation-id: 245
endpoint: certificates
related-
application
related-units:
vault/0:
in-scope: true
data:
...
...
After a lot of 'juju resolve --no-retry keystone/1' the relation-get started showing the certificate data and /etc/apache2/ sites-enabled/ openstack_ https_frontend. conf was finally rendered as a result, and we see
$ netstat -dnlp | grep 353
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN -
tcp6 0 0 :::35337 :::* LISTEN -
tcp6 0 0 :::35347 :::* LISTEN -
tcp6 0 0 :::35357 :::* LISTEN -