Ovn-central certificates not renewed

charm
,
#1

running juju run-action --wait vault/leader reissue-certificates does not seem to re-issue the ovn-central certificates, is there a way to force ovn to request a new certificate.

Here are a few more bits for data from ovn-central

juju show-application ovn-central
ovn-central:
  charm: ovn-central
  series: focal
  channel: stable
  principal: true
  exposed: false
  remote: false
  endpoint-bindings:
    "": os-public-api
    certificates: os-public-api
    nrpe-external-master: os-public-api
    ovsdb: os-public-api
    ovsdb-cms: os-public-api
    ovsdb-peer: os-public-api
    ovsdb-server: os-public-api

2022-10-22 03:13:23 INFO unit.ovn-central/2.juju-log server.go:327 Invoking reactive handler: reactive/layer_openstack.py:121:default_request_certificates
2022-10-22 03:13:23 WARNING unit.ovn-central/2.juju-log server.go:327 Skipping request for certificate for ip in int space, no local address found
2022-10-22 03:13:23 WARNING unit.ovn-central/2.juju-log server.go:327 Skipping request for certificate for ip in admin space, no local address found
2022-10-22 03:13:23 WARNING unit.ovn-central/2.juju-log server.go:327 Skipping request for certificate for ip in public space, no local address found

Is the ovn-central charm expecting that a space will be named one of int, admin, or public?

#2

It turns out it is a known issue, which also impacts neutron-api, and although I didn’t see it in the bug report, our experience was it also impacted ovn-chassis. https://bugs.launchpad.net/vault-charm/+bug/1940549

#3

Can you add your observation to the bug?

#4

it looks like corey.bryant already did and I just missed it

#5

Hi, we’ve run into this bug with ovn-central as well. When trying to implement the workaround listed in Bug #1940549 we were able to implement it successfully for ovn-chassis, however, ovn-central doesn’t appear to update after trying to apply the workaround to it (running the workaround targetting the ovn-central certificate on the non-leader vault units).

Were you able to execute the workaround on ovn-central successfully and/or were there any additional steps you took to fix?