Comment 2 for bug 1915504

Aurelien Lourot (aurelien-lourot) wrote :

After SSHing to that system, I confirm that the certificate is fine, as `wget https://keystone-int.orangebox84.ru:35357` works well on nova-cloud-controller/0 but not on nova-compute/0.

/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt exists on nova-cloud-controller/0 but not on nova-compute/0. There is no vault in this setup, so nova-compute wants to receive this certificate as `ca_cert` value on its `cloud-credentials` relation to nova-cloud-controller. [0] This data hasn't been passed on to the relation. This can be checked with:

$ juju run -u nova-compute-kvm/0 -- relation-ids cloud-compute
cloud-compute:60
$ juju run -u nova-compute-kvm/0 -- relation-get -r 60 - nova-cloud-controller/0

nova-cloud-controller's code for setting `ca_cert` on the relation to nova-compute [1] is called only when the relation is joined, and never ever again. This may be a problem, although this isn't what is happening here because removing and re-adding the relation doesn't help. Still digging.

[0] https://github.com/openstack/charm-nova-compute/blob/master/hooks/nova_compute_utils.py#L747
[1] https://github.com/openstack/charm-nova-cloud-controller/blob/master/hooks/nova_cc_hooks.py#L680