This is used for the TLS-everywhere bits. It will be taken into account
by a metadata hook that outputs relevant entries for the nova-metadata
service; and subsequently kerberos principals will be created from
these.
Subsequent patches will add support for TLS in the internal network for
the containerized keystone.
Change-Id: Ic747ad9c8d6e76c8c16e347c1cdcabc899dd9f9a
- name: Stop and disable keystone service (running under httpd)
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [KeystoneBase, role_data, metadata_settings]