The units reboot one after other applying the new CA.
Actual behavior
The units do not reboot in order. Example, unit 0 applies new CA -> unit 1 applies new CA -> unit 0 applies new certs before unit 2 applies its new CA.
This is traced back to a stale databag state that checks if any of the other nodes are still CA rotating.
Steps to reproduce
The bug is flakey and sometimes does not happen.
Expected behavior
The units reboot one after other applying the new CA.
Actual behavior
The units do not reboot in order. Example, unit 0 applies new CA -> unit 1 applies new CA -> unit 0 applies new certs before unit 2 applies its new CA.
This is traced back to a stale databag state that checks if any of the other nodes are still CA rotating.
The
tls_ca_renewing
should already be set and this can be seen if you execute ajuju show-unit
at that stage.Versions
Operating system: Ubuntu 24.04.1 LTS
Juju CLI: 3.5.4-genericlinux-amd64
Juju agent: 3.5.3
Charm revision:
2/edge
branchLXD: 5.21.2 LTS
Log output
Juju debug log:
Additional context
logs_bug_happening.log logs_bug_not_happening.log