Comment 2 for bug 1813605

James Page (james-page) wrote :

This issue will impact the tls-certificates and vault-kv interfaces as both make use of the remote unit name on the providing side when generating key prefixes for unit-specific responses.

In a CMR context, the providing side sees obfuscated unit names rather than the actual unit name and the consuming side is looking for its local unit name in the data bag presented - so the relation never completes.

Fixing this requires a new pattern to be implemented to support this type of relation behaviour; as a starter for ten:

1) Consuming unit presents a 'response_nonce' key with a piece of unit-specific data in it on the relation - this could be the hash of its unit name (ensuring we don't bleed the piece) + the model UUID thus generating something very specific to the unit and model it resides in.

2) The providing unit(s) uses the 'response_nonce' rather than the current munge of the remote unit name when generating responses for a specific unit.

This pattern can be used for the two vault interfaces and other CMR-broken interfaces (such as the ceph mon and shared-db interfaces which also make use of unit names in data).
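
The pattern proposed in the comment above, sketched as an added example (not part of the original comment and not code from any charm interface): relation data bags are modelled as plain dicts. The SHA-256 construction, the `.response` key suffix, the unit-name munge format, the obfuscated unit name and the model UUID are assumptions or constructed sample values.

```python
import hashlib

MODEL_UUID = "00000000-0000-4000-8000-000000000001"  # constructed sample value
LOCAL_UNIT = "client/0"            # name the consuming unit knows itself by
SEEN_UNIT = "remote-0a1b2c3d/0"    # constructed obfuscated name seen via CMR

def response_nonce(unit_name, model_uuid):
    """Step 1: unit-specific value that does not expose the unit name.
    SHA-256 over "<model uuid>:<unit name>" is an assumption of this sketch."""
    return hashlib.sha256(f"{model_uuid}:{unit_name}".encode()).hexdigest()

def name_prefix(unit_name):
    """Stand-in for the current munge of the unit name (hypothetical format)."""
    return unit_name.replace("/", "_")

def provider_publish(consumer_bags, use_nonce):
    """Providing side. consumer_bags maps each remote unit name *as the
    provider sees it* to the data that unit set on the relation."""
    published = {}
    for seen_name, bag in consumer_bags.items():
        if use_nonce:
            prefix = bag.get("response_nonce")
            if prefix is None:      # unit has not presented a nonce yet
                continue
        else:
            prefix = name_prefix(seen_name)
        published[f"{prefix}.response"] = f"payload for {seen_name}"
    return published

def consumer_lookup(provider_bag, use_nonce):
    """Consuming side: look for the response addressed to this unit."""
    if use_nonce:
        prefix = response_nonce(LOCAL_UNIT, MODEL_UUID)
    else:
        prefix = name_prefix(LOCAL_UNIT)
    return provider_bag.get(f"{prefix}.response")

def run(use_nonce):
    """One consumer/provider round trip across a simulated CMR boundary."""
    bag = {"response_nonce": response_nonce(LOCAL_UNIT, MODEL_UUID)}
    return consumer_lookup(provider_publish({SEEN_UNIT: bag}, use_nonce), use_nonce)

if __name__ == "__main__":
    print("unit-name prefix:", run(use_nonce=False))  # no match across CMR
    print("response_nonce  :", run(use_nonce=True))   # response found
```
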