From 80c0d697b5be96ec4179560c85c171bfadeff198 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Mon, 2 Dec 2019 18:49:45 +0100 Subject: [PATCH] Relax filtering in krb-service-principals jinja The filtering added to fix Bug: #1821377 filters any network without a VIP address. This filtering is to agressive and cause deployment failure when a management network without a VIP is used. Change-Id: If189eb6fc0b2dc2c78323a7c08f7e303be2b6124 Resolves: rhbz#1778719 Closes-Bug: #1854846 (cherry picked from commit af79ae34ad9a3ed1581c0f6df91fa1e3ef0f8433) --- .../nova_metadata/krb-service-principals/role.role.j2.yaml | 2 +- ...als-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/fix-krb-service-principals-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml diff --git a/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml b/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml index a101972eab..d8789f4eac 100644 --- a/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml +++ b/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml @@ -60,7 +60,7 @@ resources: role_data: {get_param: RoleData} role_networks: - ctlplane -{%- for network in networks if network.vip|default(false) and network.name in role.networks %} +{%- for network in networks if network.name in role.networks %} {%- if network.service_net_map_replace is defined %} - {{network.service_net_map_replace}} {%- else %} diff --git a/releasenotes/notes/fix-krb-service-principals-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml b/releasenotes/notes/fix-krb-service-principals-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml new file mode 100644 index 0000000000..aff47683d8 --- /dev/null +++ b/releasenotes/notes/fix-krb-service-principals-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes an issue where filtering of networks for kerberos service principals + was too aggressive, causing deployment failure. See bug `1854846 + `_. +