I'm having a helluva time reproducing this issue. Can you describe how you initial built your environment before enabling HTTPS? Was nova-c-c peered and/or clustered? Are you sure you were deploying the most recent charm revision /w newest branch changes? bzr revs 71 and 72 dealt with an issue of the endpoint not reconfiguring after adding clustering, since the original reconfig hooks were not sending all required settings. Late-enabling HTTPS should be limited to identity-changed, though.
I've just tested again by enabling HTTPS after the entire catalog has been populated by haclustererd services (all endpoints pointing to http://$VIP/etc/). After nova-c-c has reconfigured its reverse proxying, it flushes the following settings back to KS, compute and quantum:
If you can test once again, and possibly keep an eye on the nova-c-c leader's charm log, to see what settings change? The required 'region' and 'service' settings should already be set there from the first, non-HTTPS negiotion.
RE: the second bug/trace, I believe this is due to the nova-c-c service reconfiguring itself to listen HTTPS on the ports, but the catalog not being updated to specify https:// there.
I'm having a helluva time reproducing this issue. Can you describe how you initial built your environment before enabling HTTPS? Was nova-c-c peered and/or clustered? Are you sure you were deploying the most recent charm revision /w newest branch changes? bzr revs 71 and 72 dealt with an issue of the endpoint not reconfiguring after adding clustering, since the original reconfig hooks were not sending all required settings. Late-enabling HTTPS should be limited to identity-changed, though.
I've just tested again by enabling HTTPS after the entire catalog has been populated by haclustererd services (all endpoints pointing to http:// $VIP/etc/). After nova-c-c has reconfigured its reverse proxying, it flushes the following settings back to KS, compute and quantum:
2013-02-27 15:09:31,482: hook.output@DEBUG: Flushed values for hook 'identity- service- relation- changed' on 'identity- service: 27' /192.168. 77.2:8773/ services/ Cloud' (was 'http:// 192.168. 77.2:8773/ services/ Cloud') url'=u'https:/ /192.168. 77.2:8773/ services/ Cloud' (was 'http:// 192.168. 77.2:8773/ services/ Cloud') /192.168. 77.2:8773/ services/ Cloud' (was 'http:// 192.168. 77.2:8773/ services/ Cloud') /192.168. 77.2:8774/ v1.1/$( tenant_ id)s' (was 'http:// 192.168. 77.2:8774/ v1.1/$( tenant_ id)s') url'=u'https:/ /192.168. 77.2:8774/ v1.1/$( tenant_ id)s' (was 'http:// 192.168. 77.2:8774/ v1.1/$( tenant_ id)s') url'=u'https:/ /192.168. 77.2:8774/ v1.1/$( tenant_ id)s' (was 'http:// 192.168. 77.2:8774/ v1.1/$( tenant_ id)s') admin_url' =u'https:/ /192.168. 77.2:9696' (was 'http:// 192.168. 77.2:9696') internal_ url'=u'https:/ /192.168. 77.2:9696' (was 'http:// 192.168. 77.2:9696') public_ url'=u'https:/ /192.168. 77.2:9696' (was 'http:// 192.168. 77.2:9696') /192.168. 77.2:3333' (was 'http:// 192.168. 77.2:3333') url'=u'https:/ /192.168. 77.2:3333' (was 'http:// 192.168. 77.2:3333') /192.168. 77.2:3333' (was 'http:// 192.168. 77.2:3333') =u'LS0tLS1CRUdJ TiBDRVJUSUZJQ0F URS0tLS0tCk1JSU NvekNDQWd5Z0F3S UJBZ0lCQVRBTkJn a3Fo\na2lHOXcwQ kFRVUZBREJy (was unset) on 'cloud-compute:47' /192.168. 77.2:9696' (was 'http:// 192.168. 77.2:9696') on 'cloud-compute:47' =u'LS0tLS1CRUdJ TiBDRVJUSUZJQ0F URS0tLS0tCk1JSU NvekNDQWd5Z0F3S UJBZ0lCQVRBTkJn a3Fo\na2lHOXcwQ kFRVUZBREJy (was unset) on 'quantum- network- service: 40' /192.168. 77.2:9696' (was 'http:// 192.168. 77.2:9696') on 'quantum- network- service: 40' DEBUG: Hook complete: /var/lib/ juju/units/ nova-cloud- controller- hooks/identity- service- relation- changed
Setting changed: 'ec2_admin_url'=u'https:/
Setting changed: 'ec2_internal_
Setting changed: 'ec2_public_url'=u'https:/
Setting changed: 'nova_admin_url'=u'https:/
Setting changed: 'nova_internal_
Setting changed: 'nova_public_
Setting changed: 'quantum_
Setting changed: 'quantum_
Setting changed: 'quantum_
Setting changed: 's3_admin_url'=u'https:/
Setting changed: 's3_internal_
Setting changed: 's3_public_url'=u'https:/
Setting changed: u'ca_cert'
Setting changed: 'quantum_url'=u'https:/
Setting changed: u'ca_cert'
Setting changed: 'quantum_url'=u'https:/
2013-02-27 15:09:31,483: hook.executor@
2/charm/
If you can test once again, and possibly keep an eye on the nova-c-c leader's charm log, to see what settings change? The required 'region' and 'service' settings should already be set there from the first, non-HTTPS negiotion.
RE: the second bug/trace, I believe this is due to the nova-c-c service reconfiguring itself to listen HTTPS on the ports, but the catalog not being updated to specify https:// there.