summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-04-18 15:48:02 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-04-18 15:48:02 +0300
commit6990da87c36158677d2c1f78405f45c86e915767 (patch)
tree019023f50dd505a58f9aa73fad0d17d6dc79766d /manifests
parent7567c71e4780b3508b752efe99f5215094f2c141 (diff)
Enable setting SubjectaltNames for haproxy and httpd certs
This enables setting the subjectAltNames for HAProxy and httpd certs. These will eventually replace the usage of many certs, to have instead just one that has several subjectAltNames. Change-Id: Icd152c8e0389b6a104381ba6ab4e0944e9828ba3
Diffstat (limited to 'manifests')
-rw-r--r--manifests/certmonger/haproxy.pp14
-rw-r--r--manifests/certmonger/httpd.pp14
2 files changed, 26 insertions, 2 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 6668440..a5d1bf8 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -40,6 +40,11 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# Defaults to undef
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
@@ -50,6 +55,7 @@ define tripleo::certmonger::haproxy (
$hostname,
$postsave_cmd,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = undef,
$principal = undef,
){
include ::certmonger
@@ -62,11 +68,17 @@ define tripleo::certmonger::haproxy (
}
}
+ if $dnsnames {
+ $dnsnames_real = $dnsnames
+ } else {
+ $dnsnames_real = $hostname
+ }
+
certmonger_certificate { "${title}-cert":
ensure => 'present',
ca => $certmonger_ca,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames_real,
certfile => $service_certificate,
keyfile => $service_key,
postsave_cmd => $postsave_cmd,
diff --git a/manifests/certmonger/httpd.pp b/manifests/certmonger/httpd.pp
index 74c0b5a..e9754f7 100644
--- a/manifests/certmonger/httpd.pp
+++ b/manifests/certmonger/httpd.pp
@@ -31,6 +31,11 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# Defaults to undef
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
@@ -39,18 +44,25 @@ define tripleo::certmonger::httpd (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = undef,
$principal = undef,
) {
include ::certmonger
include ::apache::params
+ if $dnsnames {
+ $dnsnames_real = $dnsnames
+ } else {
+ $dnsnames_real = $hostname
+ }
+
$postsave_cmd = "systemctl reload ${::apache::params::service_name}"
certmonger_certificate { $name :
ensure => 'present',
certfile => $service_certificate,
keyfile => $service_key,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames_real,
principal => $principal,
postsave_cmd => $postsave_cmd,
ca => $certmonger_ca,