Merge "Certificates permission fixed for libvirt vnc+tls"
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index f540de2..60700a7 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml
@@ -47,8 +47,3 @@
home: /var/lib/barbican
shell: /bin/bash
system: True
- group:
- barbican:
- enabled: true
- name: barbican
- system: True
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index ef27fb6..f004c85 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -45,8 +45,3 @@
home: /var/lib/barbican
shell: /bin/bash
system: True
- group:
- barbican:
- enabled: true
- name: barbican
- system: True
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 87742e0..d9be1a5 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -1,6 +1,11 @@
classes:
- system.salt.minion.cert.libvirtd
parameters:
+ _param:
+ nova_compute_libvirt_allowed_dn_list:
+ all:
+ enabled: true
+ value: '*CN=cmp*.${_param:cluster_domain}*'
nova:
compute:
libvirt:
@@ -10,6 +15,7 @@
key_file: ${_param:libvirtd_server_ssl_key_file}
cert_file: ${_param:libvirtd_server_ssl_cert_file}
ca_file: ${_param:libvirtd_ssl_ca_file}
+ allowed_dn_list: ${_param:nova_compute_libvirt_allowed_dn_list}
client:
key_file: ${_param:libvirtd_client_ssl_key_file}
cert_file: ${_param:libvirtd_client_ssl_cert_file}