I assume the certificate is changed through Keystone Charm. From your description I also assume you use the Keystone ssl_ca, ssl_cert and ssl_key charm configuration options to change the certificate.
The existing classic charms currently handles this by reloading Apache in their config-changed hook when SSL is enabled.
Question:
How does the other reactive OpenStack Charms (aodh, gnocchi, etc) currently behave when a certificate is changed in this manner? Do they require manual restart/reload of Apache too?
If the other reactive OpenStack Charms has the same issue but the classic OpenStack Charms does not I am inclined to ask the question if this should be handled in conjunction with the reactive keystone interface layer instead of in charm-helpers? (https://github.com/openstack/charm-interface-keystone/)
Digging a bit deeper into this.
I assume the certificate is changed through Keystone Charm. From your description I also assume you use the Keystone ssl_ca, ssl_cert and ssl_key charm configuration options to change the certificate.
The existing classic charms currently handles this by reloading Apache in their config-changed hook when SSL is enabled.
Question:
How does the other reactive OpenStack Charms (aodh, gnocchi, etc) currently behave when a certificate is changed in this manner? Do they require manual restart/reload of Apache too?
If the other reactive OpenStack Charms has the same issue but the classic OpenStack Charms does not I am inclined to ask the question if this should be handled in conjunction with the reactive keystone interface layer instead of in charm-helpers? (https:/ /github. com/openstack/ charm-interface -keystone/)