diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-04-24 12:17:17 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-04-24 12:17:17 +0000 |
| commit | 2fcf424a15d944b4aa352f0bde7cde8f8d466013 (patch) | |
| tree | 7eb7a97679fc73001feebdfc920aecc93b6e5551 /manifests/certmonger/haproxy.pp | |
| parent | 2e89f8ede8369d0a7445599d18ac562ca91e9ad0 (diff) | |
| parent | 6990da87c36158677d2c1f78405f45c86e915767 (diff) | |
Merge "Enable setting SubjectaltNames for haproxy and httpd certs"
Diffstat (limited to 'manifests/certmonger/haproxy.pp')
| -rw-r--r-- | manifests/certmonger/haproxy.pp | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 6668440..a5d1bf8 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -40,6 +40,11 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # +# [*dnsnames*] +# (Optional) The DNS names that will be added for the SubjectAltNames entry +# in the certificate. If left unset, the value will be set to the $hostname. +# Defaults to undef +# # [*principal*] # The haproxy service principal that is set for HAProxy in kerberos. # @@ -50,6 +55,7 @@ define tripleo::certmonger::haproxy ( $hostname, $postsave_cmd, $certmonger_ca = hiera('certmonger_ca', 'local'), + $dnsnames = undef, $principal = undef, ){ include ::certmonger @@ -62,11 +68,17 @@ define tripleo::certmonger::haproxy ( } } + if $dnsnames { + $dnsnames_real = $dnsnames + } else { + $dnsnames_real = $hostname + } + certmonger_certificate { "${title}-cert": ensure => 'present', ca => $certmonger_ca, hostname => $hostname, - dnsname => $hostname, + dnsname => $dnsnames_real, certfile => $service_certificate, keyfile => $service_key, postsave_cmd => $postsave_cmd, |