Make sure apache metadata is set for nova-metadata service
In case of cellv2 multicell environment nova-metadata is the only httpd managed service on the cell controller role. In case of tls-everywhere it is required that the cell controller host has ther needed metadata to be able to request the HTTP certificates. Otherwise the getcert request fails with "Insufficient 'add' privilege to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'" Change-Id: I57a49d1b7fc4c03b773f3a52b327584f537aca19
This commit is contained in:
parent
07302c3b7d
commit
89d605103c
deployment/nova
releasenotes/notes
@ -261,6 +261,8 @@ outputs:
|
||||
- not container_healthcheck_disabled
|
||||
- step|int == 5
|
||||
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
||||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
external_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 1
|
||||
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
In case of cellv2 multicell environment nova-metadata is the only
|
||||
httpd managed service on the cell controller role. In case of
|
||||
tls-everywhere it is required that the cell controller host has
|
||||
ther needed metadata to be able to request the HTTP certificates.
|
||||
Otherwise the getcert request fails with "Insufficient 'add' privilege
|
||||
to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'"
|
Loading…
x
Reference in New Issue
Block a user