diff options
Diffstat (limited to 'manifests/certmonger')
| -rw-r--r-- | manifests/certmonger/ca/crl.pp | 6 | ||||
| -rw-r--r-- | manifests/certmonger/ca/local.pp | 2 | ||||
| -rw-r--r-- | manifests/certmonger/mysql.pp | 9 |
3 files changed, 12 insertions, 5 deletions
diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp index 59a3681..2454460 100644 --- a/manifests/certmonger/ca/crl.pp +++ b/manifests/certmonger/ca/crl.pp @@ -49,7 +49,7 @@ # (optional) Defaults to '0'. # # [*hour*] -# (optional) Defaults to '1'. +# (optional) Defaults to '*/2'. # # [*monthday*] # (optional) Defaults to '*'. @@ -78,10 +78,10 @@ class tripleo::certmonger::ca::crl ( $crl_preprocessed = '/etc/pki/CA/crl/overcloud-crl.bin', $crl_preprocessed_format = 'DER', $minute = '0', - $hour = '1', + $hour = '*/2', $monthday = '*', $month = '*', - $weekday = '6', + $weekday = '*', $maxdelay = 0, $reload_cmds = [], ) { diff --git a/manifests/certmonger/ca/local.pp b/manifests/certmonger/ca/local.pp index b7b7328..78dc09a 100644 --- a/manifests/certmonger/ca/local.pp +++ b/manifests/certmonger/ca/local.pp @@ -34,6 +34,6 @@ class tripleo::certmonger::ca::local( creates => $ca_pem, tries => 5, try_sleep => 1, - require => Service['certmonger'], } + Service['certmonger'] ~> Exec<| title == 'extract-and-trust-ca' |> } diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp index dd9b184..0988c55 100644 --- a/manifests/certmonger/mysql.pp +++ b/manifests/certmonger/mysql.pp @@ -31,6 +31,12 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # +# [*dnsnames*] +# (Optional) The DNS names that will be added for the SubjectAltNames entry +# in the certificate. If left unset, the value will be set to the $hostname. +# This parameter can take both a string or an array of strings. +# Defaults to $hostname +# # [*principal*] # (Optional) The haproxy service principal that is set for MySQL in kerberos. # Defaults to undef @@ -40,6 +46,7 @@ class tripleo::certmonger::mysql ( $service_certificate, $service_key, $certmonger_ca = hiera('certmonger_ca', 'local'), + $dnsnames = $hostname, $principal = undef, ) { include ::certmonger @@ -51,7 +58,7 @@ class tripleo::certmonger::mysql ( certfile => $service_certificate, keyfile => $service_key, hostname => $hostname, - dnsname => $hostname, + dnsname => $dnsnames, principal => $principal, postsave_cmd => $postsave_cmd, ca => $certmonger_ca, |