Comment 12 for bug 1952282

FWIW, the initial deployment using Vault went on just fine:

$ juju deploy --series jammy --channel quincy/stable ceph-dashboard ceph-dashboard-ssd
$ juju add-relation ceph-dashboard-ssd:dashboard ceph-mon-ssd:dashboard
$ juju add-relation ceph-dashboard-ssd:certificates vault:certificates

However then I decided to add my Let's encrypt certificate, driving things south:

$ juju config ceph-dashboard-ssd ssl_ca="$(sudo openssl crl2pkcs7 -nocrl -certfile /etc/letsencrypt/live/int.hrizn.cloud/fullchain.pem | openssl pkcs7 -print_certs -outform PEM | base64)" ssl_cert="$(sudo openssl x509 -in /etc/letsencrypt/live/int.hrizn.cloud/fullchain.pem -outform PEM | base64)" ssl_key="$(sudo cat /etc/letsencrypt/live/int.hrizn.cloud/privkey.pem | base64)"

$ juju config ceph-dashboard-ssd public-hostname="ceph.int.hrizn.cloud"

$ juju remove-relation ceph-dashboard-ssd:certificates vault:certificates

These messages flooded the Mon logs and dashboard units went to relation error state:

2023-07-23T23:39:46.364+0000 7f8df3621640 -1 mgr.server reply reply (5) Input/output error Module 'dashboard' has experienced an error and cannot handle commands: [('x509 certificate routines', '', 'key values mismatch')]

Resetting the SSL juju config keys, deleting the mgr config keys then adding the juju vault relation back did not make a difference to fix the issue:

$ juju config ceph-dashboard-ssd --reset ssl_ca
$ juju config ceph-dashboard-ssd --reset ssl_key
$ juju config ceph-dashboard-ssd --reset ssl_cert

root@juju-b096f0-88-lxd-0:/var/log/ceph# ceph config-key rm mgr/dashboard/ca
key deleted

root@juju-b096f0-88-lxd-0:/var/log/ceph# ceph config-key rm mgr/dashboard/key
key deleted

root@juju-b096f0-88-lxd-0:/var/log/ceph# ceph config-key rm mgr/dashboard/crt
key deleted

Any updates on the progress?

Thanks,
Alan