Merge "Certificates permission fixed for libvirt vnc+tls"
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index f540de2..60700a7 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml
@@ -47,8 +47,3 @@
           home: /var/lib/barbican
           shell: /bin/bash
           system: True
-      group:
-        barbican:
-          enabled: true
-          name: barbican
-          system: True
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index ef27fb6..f004c85 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -45,8 +45,3 @@
           home: /var/lib/barbican
           shell: /bin/bash
           system: True
-      group:
-        barbican:
-          enabled: true
-          name: barbican
-          system: True
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 87742e0..d9be1a5 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -1,6 +1,11 @@
 classes:
 - system.salt.minion.cert.libvirtd
 parameters:
+  _param:
+    nova_compute_libvirt_allowed_dn_list:
+      all:
+        enabled: true
+        value: '*CN=cmp*.${_param:cluster_domain}*'
   nova:
     compute:
       libvirt:
@@ -10,6 +15,7 @@
           key_file: ${_param:libvirtd_server_ssl_key_file}
           cert_file: ${_param:libvirtd_server_ssl_cert_file}
           ca_file: ${_param:libvirtd_ssl_ca_file}
+          allowed_dn_list: ${_param:nova_compute_libvirt_allowed_dn_list}
           client:
             key_file: ${_param:libvirtd_client_ssl_key_file}
             cert_file: ${_param:libvirtd_client_ssl_cert_file}