Hi @seyeongkim,
Thanks for the bug report!
We do have a mechanism to update the NRPE cfg files when any `identity-service-relation-changed` (e.g. enabling TLS for cinder, swift, even keystone itself ...). It will be automatic **if** you also relate `keystone:identity-notifications openstack-service-checks:identity-notifications`, and I've manually verified this. In case you forgot to create that relation, we also have an action called `refresh-endpoint-checks` to manually trigger the regeneration for NRPE cfg files. (Also see the README.md for this charm: https://git.launchpad.net/charm-openstack-service-checks/tree/src/README.md)
Also, we usually use vault to issue the certificates for the openstack services, so we don't need to configure `ssl_*` for keystone.