Merge "Make sure apache metadata is set for nova-metadata service" into stable/victoria
This commit is contained in:
commit
759143548f
|
@ -261,6 +261,8 @@ outputs:
|
||||||
- not container_healthcheck_disabled
|
- not container_healthcheck_disabled
|
||||||
- step|int == 5
|
- step|int == 5
|
||||||
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 1
|
- step|int == 1
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
In case of cellv2 multicell environment nova-metadata is the only
|
||||||
|
httpd managed service on the cell controller role. In case of
|
||||||
|
tls-everywhere it is required that the cell controller host has
|
||||||
|
ther needed metadata to be able to request the HTTP certificates.
|
||||||
|
Otherwise the getcert request fails with "Insufficient 'add' privilege
|
||||||
|
to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'"
|
Loading…
Reference in New Issue