Comment 4 for bug 1812813

Hi, I faced this issue recently. My conclusion is that quantum-network-service relation should be outdated from Rocky onward.

We can see from:
https://github.com/openstack/charm-neutron-gateway/blob/7e68feed95eb9489184914cf218265d4a30558e2/hooks/neutron_hooks.py#L173

That, if we are running Rocky or later + a secret has been shared from nova-cc to neutron-gw, neutron-gw charm will disable and mask nova-api-metadata service.

However, on nova-cc side, that will always happen on quantum-network-service. We can check that a -joined relation runs:
https://github.com/openstack/charm-nova-cloud-controller/blob/65ed6620c7594cac914d21c2203742f63dc43d17/hooks/nova_cc_hooks.py#L978

Which leads to always sharing a secret if running Rocky or later:
https://github.com/openstack/charm-nova-cloud-controller/blob/86bb59ec3e85b354e65c2f6db0d864239600d5df/hooks/nova_cc_utils.py#L1914
https://github.com/openstack/charm-nova-cloud-controller/blob/86bb59ec3e85b354e65c2f6db0d864239600d5df/hooks/nova_cc_utils.py#L1851

It effectively means that nova-api-metadata will be installed, but then disconfigured and masked.

However, the nrpe-check remains, as well as the broken service: https://pastebin.canonical.com/p/txjFcNX7Vd/

My suggestion is to deprecate this relation and make it optional for neutron-gw & nova-cc.