Make sure apache metadata is set for nova-metadata service

In case of cellv2 multicell environment nova-metadata is the only httpd managed service on the cell controller role. In case of tls-everywhere it is required that the cell controller host has ther needed metadata to be able to request the HTTP certificates. Otherwise the getcert request fails with "Insufficient 'add' privilege to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'" Change-Id: I57a49d1b7fc4c03b773f3a52b327584f537aca19
2020-11-18 14:32:26 +01:00 · 2020-11-18 14:32:26 +01:00 · 89d605103c
parent 07302c3b7d
commit 89d605103c
2 changed files with 11 additions and 0 deletions
--- a/deployment/nova/nova-metadata-container-puppet.yaml
+++ b/deployment/nova/nova-metadata-container-puppet.yaml
@ -261,6 +261,8 @@ outputs:
            - not container_healthcheck_disabled
            - step|int == 5
      host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
+      metadata_settings:
+        get_attr: [ApacheServiceBase, role_data, metadata_settings]
      external_upgrade_tasks:
        - when:
            - step|int == 1
--- a/releasenotes/notes/nova_metadata_http_cert_metadata-274e7e8a66727983.yaml
+++ b/releasenotes/notes/nova_metadata_http_cert_metadata-274e7e8a66727983.yaml
@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    In case of cellv2 multicell environment nova-metadata is the only
+    httpd managed service on the cell controller role. In case of
+    tls-everywhere it is required that the cell controller host has
+    ther needed metadata to be able to request the HTTP certificates.
+    Otherwise the getcert request fails with "Insufficient 'add' privilege
+    to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'"