9cb9618dc9
The undercloud supports enrolling itself as a FreeIPA client when configured to use TLS-everywhere. However, we recently hit a bug where the group permissions of the keytab were set to the old mistral user (tripleo-admin). This causes issues because more or what mistral did is being handled by ansible and the deployment user. This commit updates the group for the keytab to root, which the deployment users is already a member of. This keeps permission of the keytab strict but doesn't compromise usability by modifying the group in a way that requires the deployment user to re-authenticate to access it. Change-Id: Iacf5e6147f7ef02ba514b7dddc65383faa440826 Closes-Bug: 1886870 |
||
---|---|---|
.. | ||
undercloud-remove-novajoin.yaml | ||
undercloud-tls.yaml |