aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-04-24 12:17:17 +0000
committerGerrit Code Review <review@openstack.org>2017-04-24 12:17:17 +0000
commit2fcf424a15d944b4aa352f0bde7cde8f8d466013 (patch)
tree7eb7a97679fc73001feebdfc920aecc93b6e5551
parent2e89f8ede8369d0a7445599d18ac562ca91e9ad0 (diff)
parent6990da87c36158677d2c1f78405f45c86e915767 (diff)
Merge "Enable setting SubjectaltNames for haproxy and httpd certs"
-rw-r--r--manifests/certmonger/haproxy.pp14
-rw-r--r--manifests/certmonger/httpd.pp14
2 files changed, 26 insertions, 2 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 6668440..a5d1bf8 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -40,6 +40,11 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# Defaults to undef
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
@@ -50,6 +55,7 @@ define tripleo::certmonger::haproxy (
$hostname,
$postsave_cmd,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = undef,
$principal = undef,
){
include ::certmonger
@@ -62,11 +68,17 @@ define tripleo::certmonger::haproxy (
}
}
+ if $dnsnames {
+ $dnsnames_real = $dnsnames
+ } else {
+ $dnsnames_real = $hostname
+ }
+
certmonger_certificate { "${title}-cert":
ensure => 'present',
ca => $certmonger_ca,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames_real,
certfile => $service_certificate,
keyfile => $service_key,
postsave_cmd => $postsave_cmd,
diff --git a/manifests/certmonger/httpd.pp b/manifests/certmonger/httpd.pp
index 74c0b5a..e9754f7 100644
--- a/manifests/certmonger/httpd.pp
+++ b/manifests/certmonger/httpd.pp
@@ -31,6 +31,11 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# Defaults to undef
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
@@ -39,18 +44,25 @@ define tripleo::certmonger::httpd (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = undef,
$principal = undef,
) {
include ::certmonger
include ::apache::params
+ if $dnsnames {
+ $dnsnames_real = $dnsnames
+ } else {
+ $dnsnames_real = $hostname
+ }
+
$postsave_cmd = "systemctl reload ${::apache::params::service_name}"
certmonger_certificate { $name :
ensure => 'present',
certfile => $service_certificate,
keyfile => $service_key,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames_real,
principal => $principal,
postsave_cmd => $postsave_cmd,
ca => $certmonger_ca,