updating keystone endpoint doesn't trigger updating to openstack-service-checks

[sudeephb]

Even if we change keystone endpoint information e.g port from 80 to 443 by setting ssl_*.

openstack-service-checks doesn't update it to /etc/nagios/nrpe.d/check_swift_admin.cfg(e.g)

I would really appreciate if there is any idea.

for example, update-status checks endpoint and update the files..?(just idea)

Thanks.

---

Imported from Launchpad using lp2gh.

• date created: 2023-09-08T02:11:11Z

• owner: seyeongkim

• assignee: raychan96

• the launchpad url

[sudeephb]

(by raychan96) Hi seyeongkim,

Thanks for the bug report!

We do have mechanism to update the NRPE cfg files when any identity-service-relation-changed (e.g. enabling TLS for cinder, swift, even keystone itself ...). It will be automatic if you also relate keystone:identity-notifications openstack-service-checks:identity-notifications, and I've manually verified this. In case you forgot to create that relation, we also have an action called refresh-endpoint-checks to manually trigger the regeneration for NRPE cfg files. (Also see the README.md, for this charm https://git.launchpad.net/charm-openstack-service-checks/tree/src/README.md)

Also, we usually use vault to issue the certificates for the openstack services, so we don't need to configure ssl_* for keystone.

[sudeephb]

(by seyeongkim) raychan96 Thanks for the answer, It actually works in my test env.