Make sure apache metadata is set for nova-metadata service
In case of cellv2 multicell environment nova-metadata is the only
httpd managed service on the cell controller role. In case of
tls-everywhere it is required that the cell controller host has
ther needed metadata to be able to request the HTTP certificates.
Otherwise the getcert request fails with "Insufficient 'add' privilege
to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'"
Change-Id: I57a49d1b7fc4c03b773f3a52b327584f537aca19
(cherry picked from commit 89d605103c
)
This commit is contained in:
parent
d325392623
commit
47ec461644
|
@ -269,6 +269,8 @@ outputs:
|
|||
msg: nova-metadata isn't working (healthcheck failed)
|
||||
when: nova_metadata_healthcheck_state.status.ExecMainStatus != '0'
|
||||
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
||||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
external_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 1
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
In case of cellv2 multicell environment nova-metadata is the only
|
||||
httpd managed service on the cell controller role. In case of
|
||||
tls-everywhere it is required that the cell controller host has
|
||||
ther needed metadata to be able to request the HTTP certificates.
|
||||
Otherwise the getcert request fails with "Insufficient 'add' privilege
|
||||
to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'"
|
Loading…
Reference in New Issue