Setting new ssh_key and after that new ssh_cert results in apache2 not running
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack AODH Charm | New | Undecided | Unassigned |
Bug Description
The issue was discovered while working on a reconfiguration of aodh units, but possibly is in a shared layer and affects multiple openstack charms.
While renewing the SSL certificate and key via charm config, I observed the following behavior:
1. Update ssl_key:
juju config aodh ssl_key="$(base64 new_ssl_key)"
2. Apache2 stops working as at the moment the old certificate and the new key don't match
3. Update ssl_cert:
juju config aodh ssl_cert="$(base64 new_ssl_cert)"
4. Now ssl key and cert match but charm tries to reload apache2 which can't work given apache2 is not running because of the previous mismatch.
Workaround is to start apache2:
juju run -a aodh "systemctl start apache2"
At step 4, charm may check if apache2 is not running and try to start it instead of reloading.
Same should happen if a new cert is provided before setting the new key.
The issue can be avoided by setting ssl_key and ssl_cert at the same time:
juju config aodh ssl_key="$(base64 new_ssl_key)" ssl_cert="$(base64 new_ssl_cert)"
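
An added example, not part of the original report or of the charm's code: a pre-flight check that confirms the new key and certificate carry the same public key, then sets both options in one `juju config` call as described above. The function names and the `JUJU` override variable (for a dry run with `JUJU=echo`) are hypothetical; the file and option names are the ones from the report.

```shell
#!/bin/sh
# Added example. Assumes openssl and base64 are on PATH and the key is
# stored unencrypted, as apache2 needs it.

# pair_matches KEY CERT
# Exit 0 if the certificate's public key equals the one derived from the
# private key, 1 if they differ, 2 if either file cannot be parsed.
pair_matches() (
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || exit 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
    [ -n "$key_pub" ] || exit 2
    [ "$key_pub" = "$cert_pub" ]
)

# apply_pair APP KEY CERT
# Refuse to touch the charm config unless the pair matches, then set both
# options in a single call so the unit never holds a mismatched pair.
apply_pair() {
    app=$1 key=$2 cert=$3
    pair_matches "$key" "$cert"
    rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "cannot parse $key or $cert" >&2
        return 2
    elif [ "$rc" -ne 0 ]; then
        echo "refusing to update $app: key and certificate do not match" >&2
        return 1
    fi
    "${JUJU:-juju}" config "$app" \
        ssl_key="$(base64 "$key")" \
        ssl_cert="$(base64 "$cert")"
}

# Usage, with the file names from the report:
#   apply_pair aodh new_ssl_key new_ssl_cert
```
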