tripleo-heat-templates/deployment/tls
Lance Bragstad 9cb9618dc9 Update undercloud TLS template with proper keytab group
The undercloud supports enrolling itself as a FreeIPA client when
configured to use TLS-everywhere. However, we recently hit a bug where
the group permissions of the keytab were set to the old mistral user
(tripleo-admin). This causes issues because more or what mistral did is
being handled by ansible and the deployment user.

This commit updates the group for the keytab to root, which the
deployment users is already a member of. This keeps permission of the
keytab strict but doesn't compromise usability by modifying the group in
a way that requires the deployment user to re-authenticate to access it.

Change-Id: Iacf5e6147f7ef02ba514b7dddc65383faa440826
Closes-Bug: 1886870
2021-04-22 16:47:43 +00:00
..
undercloud-remove-novajoin.yaml Use 'wallaby' heat_template_version 2021-03-31 17:35:12 +05:30
undercloud-tls.yaml Update undercloud TLS template with proper keytab group 2021-04-22 16:47:43 +00:00