Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 9e44d4de181fccaa08436074f9eb571d979810c9^2..9e44d4de181fccaa08436074f9eb571d979810c9 / .
commit9e44d4de181fccaa08436074f9eb571d979810c9[log] [tgz]
authormcp-jenkins <mcp-jenkins@mirantis.com>Wed Oct 03 14:14:51 2018 +0000
committerGerrit Code Review <mail@domain.com>Wed Oct 03 14:14:51 2018 +0000
tree8c61cdf68eec896b8ab77ce631db62986fb3bbce
parentf89a75a042fc56dc48a8c09ecdc2a941900b6ec0 [diff]
parent58b608b4533e1a74e7e937fe7637cb053bd6d522 [diff]
Merge "Certificates permission fixed for libvirt vnc+tls"
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index f540de2..60700a7 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml

@@ -47,8 +47,3 @@
           home: /var/lib/barbican
           shell: /bin/bash
           system: True
-      group:
-        barbican:
-          enabled: true
-          name: barbican
-          system: True

diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index ef27fb6..f004c85 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml

@@ -45,8 +45,3 @@
           home: /var/lib/barbican
           shell: /bin/bash
           system: True
-      group:
-        barbican:
-          enabled: true
-          name: barbican
-          system: True

diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 87742e0..d9be1a5 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml

@@ -1,6 +1,11 @@
 classes:
 - system.salt.minion.cert.libvirtd
 parameters:
+  _param:
+    nova_compute_libvirt_allowed_dn_list:
+      all:
+        enabled: true
+        value: '*CN=cmp*.${_param:cluster_domain}*'
   nova:
     compute:
       libvirt:
@@ -10,6 +15,7 @@
           key_file: ${_param:libvirtd_server_ssl_key_file}
           cert_file: ${_param:libvirtd_server_ssl_cert_file}
           ca_file: ${_param:libvirtd_ssl_ca_file}
+          allowed_dn_list: ${_param:nova_compute_libvirt_allowed_dn_list}
           client:
             key_file: ${_param:libvirtd_client_ssl_key_file}
             cert_file: ${_param:libvirtd_client_ssl_cert_file}