Prometheus Openstack Exporter Charm

No way to retrieve root CA through Vault relation

Bug #1939465 reported by Nobuto Murata on 2021-08-11

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Prometheus Openstack Exporter Charm	New	Undecided	Unassigned

Bug Description

The charm has ssl_ca option to upload a custom CA. However, using Vault as a root CA or an intermediate CA and getting the CA file through vault:certificates relation is also common in OpenStack deployments.
https://jaas.ai/prometheus-openstack-exporter#charm-config-ssl_ca

It would be nice to have a Vault relation with prometheus-openstack-exporter so it works out of the box. At this moment, this kind of SSL errors are not surfaced to an user in a nice way like juju status or /metrics endpoint so it's tricky to troubleshoot sometimes.
https://bugs.launchpad.net/prometheus-openstack-exporter-snap/+bug/1823011/comments/4

Revision history for this message

Nobuto Murata (nobuto) wrote on 2021-08-11:

Current manual way is as follows after the initial deployment:

$ juju config prometheus-openstack-exporter \
ssl_ca="$(juju run -u vault/leader -- leader-get root-ca)"

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.