Allow certmonger mysql resource to use several DNS names

This allows for several SubjectAltNames which will subsequently be
used for the replication traffic as well.

bp tls-via-certmonger

Change-Id: Ic68266eaf39d6803f7c3e299095578bbcfd63b88

1 files changed, 8 insertions, 1 deletions

diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp
index dd9b184..0988c55 100644
--- a/manifests/certmonger/mysql.pp
+++ b/manifests/certmonger/mysql.pp
@@ -31,6 +31,12 @@
 #   (Optional) The CA that certmonger will use to generate the certificates.
 #   Defaults to hiera('certmonger_ca', 'local').
 #
+# [*dnsnames*]
+#   (Optional) The DNS names that will be added for the SubjectAltNames entry
+#   in the certificate. If left unset, the value will be set to the $hostname.
+#   This parameter can take both a string or an array of strings.
+#   Defaults to $hostname
+#
 # [*principal*]
 #   (Optional) The haproxy service principal that is set for MySQL in kerberos.
 #   Defaults to undef
@@ -40,6 +46,7 @@ class tripleo::certmonger::mysql (
   $service_certificate,
   $service_key,
   $certmonger_ca = hiera('certmonger_ca', 'local'),
+  $dnsnames      = $hostname,
   $principal     = undef,
 ) {
   include ::certmonger
@@ -51,7 +58,7 @@ class tripleo::certmonger::mysql (
     certfile     => $service_certificate,
     keyfile      => $service_key,
     hostname     => $hostname,
-    dnsname      => $hostname,
+    dnsname      => $dnsnames,
     principal    => $principal,
     postsave_cmd => $postsave_cmd,
     ca           => $certmonger_ca,