updating keystone endpoint doesn't trigger updating to openstack-service-checks

Bug #2034768 reported by Seyeong Kim
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Chi Wai CHAN

Bug Description

Even if we change keystone endpoint information e.g port from 80 to 443 by setting ssl_*.

openstack-service-checks doesn't update it to /etc/nagios/nrpe.d/check_swift_admin.cfg(e.g)

I would really appreciate if there is any idea.

for example, update-status checks endpoint and update the files..?(just idea)


Tags: bseng-1523 sts
Seyeong Kim (seyeongkim)
tags: added: sts
Eric Chen (eric-chen)
Changed in charm-openstack-service-checks:
status: New → Triaged
importance: Undecided → Medium
tags: added: bseng-1523
Eric Chen (eric-chen)
Changed in charm-openstack-service-checks:
milestone: none → 23.10
Revision history for this message
Chi Wai CHAN (raychan96) wrote :

Hi @seyeongkim,

Thanks for the bug report!

We do have mechanism to update the NRPE cfg files when any `identity-service-relation-changed` (e.g. enabling TLS for cinder, swift, even keystone itself ...). It will be automatic **if** you also relate `keystone:identity-notifications openstack-service-checks:identity-notifications`, and I've manually verified this. In case you forgot to create that relation, we also have an action called `refresh-endpoint-checks` to manually trigger the regeneration for NRPE cfg files. (Also see the README.md, for this charm https://git.launchpad.net/charm-openstack-service-checks/tree/src/README.md)

Also, we usually use vault to issue the certificates for the openstack services, so we don't need to configure `ssl_*` for keystone.

Changed in charm-openstack-service-checks:
assignee: nobody → Chi Wai CHAN (raychan96)
Revision history for this message
Seyeong Kim (seyeongkim) wrote :

Thanks for the answer, It actually works in my test env.

Eric Chen (eric-chen)
Changed in charm-openstack-service-checks:
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.