Merge "Add cluster_vip_address to alternative names"
diff --git a/ceilometer/server/backend/gnocchi.yml b/ceilometer/server/backend/gnocchi.yml
index 723d58c..6ebf45f 100644
--- a/ceilometer/server/backend/gnocchi.yml
+++ b/ceilometer/server/backend/gnocchi.yml
@@ -22,3 +22,19 @@
           enabled: true
           url: "notifier://?topic=${_param:openstack_event_alarm_topic}"
           publish_event: true
+  # default permissions in panko configuration files and ssl certificates are restricted
+  # to panko group, therefore ceilometer must have those permission to have ability to
+  # connect to panko's backend db
+  linux:
+    system:
+      group:
+        panko:
+          enabled: true
+      user:
+        ceilometer:
+          enabled: true
+          name: 'ceilometer'
+          home: '/var/lib/ceilometer'
+          shell: '/bin/false'
+          groups:
+            - 'panko'
diff --git a/salt/minion/cert/barbican.yml b/salt/minion/cert/barbican.yml
index f499732..b53d07d 100644
--- a/salt/minion/cert/barbican.yml
+++ b/salt/minion/cert/barbican.yml
@@ -2,7 +2,7 @@
   _param:
     salt_minion_ca_host: kmn01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
-    barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+    barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address}
   salt:
     minion:
         cert: