Ovn-central not getting certificate from vault

Hi all,

I’m currently trying to deploy Openstack using a slightly tweaked version of the latest openstack-base bundle available on jaas.ai. The biggest difference is I have multiple subnets for seperation of the various different networks - ie internal, external, admin, ceph etc.

I’ve mostly got it deployed, the current issue is the ovn-central charm is giving:

'ovsdb-peer' incomplete, 'certificates' awaiting server certificate data

In the juju unit logs, I’m seeing:

2020-10-13 22:06:19 INFO juju-log Invoking reactive handler: reactive/layer_openstack.py:99:default_request_certificates
2020-10-13 22:06:19 WARNING juju-log Skipping request for certificate for ip in int space, no local address found
2020-10-13 22:06:19 WARNING juju-log Skipping request for certificate for ip in admin space, no local address found
2020-10-13 22:06:19 WARNING juju-log Skipping request for certificate for ip in public space, no local address found

I have IPs in that space on the LXD container, but perhaps they’re bound to the wrong interface? The bindings look like:

bindings:
  "": *oam-space
  ovsdb: *public-space
  ovsdb-cms: *admin-space
  ovsdb-peer: *internal-space

Its not really clear from the docs I’ve found what the expectations are for this. I’m going to start diving into the code, but if someone can give me some ideas that’d really help.

I’m deploying to Ubuntu 20.04 using the latest openstack-base bundle to run Ussuri, with juju 2.8.5 and MAAS 2.8.2 installed via snaps.

Please let me know if there’s any further information I can provide, I didn’t want to overload this with irrelevant information.

Thanks,
Brad

Many thanks to thedac who managed to point out that I had somehow missed the whole section on how to actually issue the certs. I had followed the bit about setting up Vault https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-vault.html), but missed the link to certificate management (https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-certificate-management.html), which details it all.

Onwards and upwards, next step is HA and more monitoring / metrics.