when enabling ssl need to restart backend service before apache

I am now also seeing this happen with the Glance charm but to be honest this is an issue that all our SSL-enabled charms will be prone to until they implement strictly ordered restarts i.e. stop(apache2, haproxy, <service>) then start(<service> -> haproxy -> apache2)

use of stopstart=true should fix this up

On Wed, Dec 2, 2015 at 11:13 AM, Edward Hope-Morley <
<email address hidden>> wrote:

> ** Changed in: glance (Juju Charms Collection)
> Assignee: (unassigned) => Edward Hope-Morley (hopem)
>
> ** Changed in: keystone (Juju Charms Collection)
> Assignee: (unassigned) => Edward Hope-Morley (hopem)
>
> ** Changed in: glance (Juju Charms Collection)
> Status: Triaged => In Progress
>
> ** Changed in: keystone (Juju Charms Collection)
> Status: Triaged => In Progress
>
> --
> You received this bug notification because you are a member of OpenStack
> Charmers, which is subscribed to glance in Juju Charms Collection.
> https://bugs.launchpad.net/bugs/1477137
>
> Title:
> when enabling ssl need to restart keystone before apache
>
> Status in glance package in Juju Charms Collection:
> In Progress
> Status in keystone package in Juju Charms Collection:
> In Progress
>
> Bug description:
> If i deploy keystone in http mode (use-https=no, https-service-
> endpoints=False) then I enable https, i get an error [1] in the leader
> unit because the charm wants to connect to keystone on port 35337 yet
> keystone is still listening on 35347 because it was not restarted
> after its conf file was changed. Result is that apache wants to claim
> port 35347 and forward to keystone on 35337 but keystone was not
> properly restarted when its admin_port was changed so apache fails to
> start. This is resolved by simply restarting keystone then apache and
> in that order.
>
> [1] http://paste.ubuntu.com/11919790/
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/charms/+source/glance/+bug/1477137/+subscriptions
>

Marking as invalid for keystone as keystone now runs through mod_wsgi. However, it still looks to be an issue for glance. I don't think stopstart=true would fix this issue either. There seems to be a misconception that stopstart=true triggers all services to be stopped and then all started but it doesn't. Each service in turn is stopped and then immediately started (rather than restarted) meaning that ordering is still an issue

Related fix proposed to branch: master
Review: https://review.openstack.org/587481

Yesterday, I tested the following:
- Deploy a minimal test environment with Bionic and OpenStack Queens with HTTP only (see https://github.com/openstack/charm-glance/blob/1cc162e5e5c93b8e230a9586872c37a703bba9a7/tests/basic_deployment.py#L67-L89)
- Check that I can create/delete an image
- Change the configuration to HTTPS (ssl_cert, ssl_ca and ssl_key)
- Check that I can create/delete an image with the new HTTPS endpoint
- Create WIP test that automates that (see https://review.openstack.org/#/c/587481/)

And I could never observe what you described in this bug.
Could you tell if you encounter those symptoms again or if by chance that bug was already fixed?

Given Nicolas' comment, I'm marking this as incomplete pending an update where this is still being experienced.

[Expired for OpenStack glance charm because there has been no activity for 60 days.]

Change abandoned by Sean McGinnis (<email address hidden>) on branch: master
Review: https://review.opendev.org/587481
Reason: I don't believe this is needed now. Feel free to restore and update if it is.