Comment 1 for bug 2034768

Revision history for this message
Chi Wai CHAN (raychan96) wrote :

Hi @seyeongkim,

Thanks for the bug report!

We do have mechanism to update the NRPE cfg files when any `identity-service-relation-changed` (e.g. enabling TLS for cinder, swift, even keystone itself ...). It will be automatic **if** you also relate `keystone:identity-notifications openstack-service-checks:identity-notifications`, and I've manually verified this. In case you forgot to create that relation, we also have an action called `refresh-endpoint-checks` to manually trigger the regeneration for NRPE cfg files. (Also see the README.md, for this charm https://git.launchpad.net/charm-openstack-service-checks/tree/src/README.md)

Also, we usually use vault to issue the certificates for the openstack services, so we don't need to configure `ssl_*` for keystone.