aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-19 12:33:19 +0000
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-21 08:39:18 +0000
commit5d36fa2348b2ff7aa8ad668f56b160515ed128fe (patch)
tree39ecf01f01fdc8a9fc33ebb3028e158492fc6158
parent8ca7a1e390ce50ac66a6861dae59bb44fbf0324a (diff)
Allow certmonger mysql resource to use several DNS names
This allows for several SubjectAltNames which will subsequently be used for the replication traffic as well. bp tls-via-certmonger Change-Id: Ic68266eaf39d6803f7c3e299095578bbcfd63b88
-rw-r--r--manifests/certmonger/mysql.pp9
1 files changed, 8 insertions, 1 deletions
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp
index dd9b184..0988c55 100644
--- a/manifests/certmonger/mysql.pp
+++ b/manifests/certmonger/mysql.pp
@@ -31,6 +31,12 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# This parameter can take both a string or an array of strings.
+# Defaults to $hostname
+#
# [*principal*]
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
# Defaults to undef
@@ -40,6 +46,7 @@ class tripleo::certmonger::mysql (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = $hostname,
$principal = undef,
) {
include ::certmonger
@@ -51,7 +58,7 @@ class tripleo::certmonger::mysql (
certfile => $service_certificate,
keyfile => $service_key,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames,
principal => $principal,
postsave_cmd => $postsave_cmd,
ca => $certmonger_ca,