Comment 3 for bug 1858416

The charms deploy OVN with RBAC enabled, this in turn makes the database check client identity (CN of certificate) against which chassis it wants to makes writes against, if there is a mismatch it will be denied.

Could you provide the contents of the Open_vSwitch table which includes the external_id:hostname and external_id:system-id fields? (``ovs-vsctl list open_vswitch``)

Knowing the CN of the certificate in /etc/ovn and the host systems interpretation of its FQDN (``hostname -f``) would also be useful.

I guess the most complete way to get information on certificates would be:

    juju run --application ovn-chassis 'relation-ids certificates'
    juju run --application vault 'relation-get -r certificates:N - ovn-chassis/0'

And look at the 'common_name' and 'sans' keys