Description
When integrating OpenSearch with the S3 integrator configured with MicroCeph using a private CA, we add the MicroCeph CA certificate to the Java truststore of the OpenSearch unit.
Expected behavior:
After adding the CA to the Java truststore, OpenSearch must be restarted for the new CA to be trusted.
Observed behavior:
In some cases, OpenSearch starts trusting the newly added CA without any service restart, and the S3 repository becomes functional immediately. In other cases, a restart is strictly required.
This inconsistent behavior needs investigation to ensure deterministic behavior.
Steps to Reproduce
- Deploy OpenSearch.
- Deploy MicroCeph with a private CA.
- Relate OpenSearch with the S3 integrator configured to use MicroCeph.
- Check the logs to see Opensearch restarts
Description
When integrating OpenSearch with the S3 integrator configured with MicroCeph using a private CA, we add the MicroCeph CA certificate to the Java truststore of the OpenSearch unit.
Expected behavior:
After adding the CA to the Java truststore, OpenSearch must be restarted for the new CA to be trusted.
Observed behavior:
In some cases, OpenSearch starts trusting the newly added CA without any service restart, and the S3 repository becomes functional immediately. In other cases, a restart is strictly required.
This inconsistent behavior needs investigation to ensure deterministic behavior.
Steps to Reproduce