From c3be01556a54e67a5046b0e7f8facf3e5f15e4f9 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 12 Sep 2016 08:56:04 +0300
Subject: Fill DNS name for haproxy certificates

This sets the subject alt name field for the certificates we
auto-generate, which will remove the security warnings we constantly
see in the undercloud. This is the proper way to set certificates,
since the usage of the CN as a replacement for the subjectAltName is
being deprecated (very slowly).

Change-Id: I475cbffd47425e850902838eec06bf461df2acd0
Closes-Bug: #1622446
---
 manifests/certmonger/haproxy.pp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'manifests/certmonger')

diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 2b738e6..0168227 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -49,6 +49,7 @@ define tripleo::certmonger::haproxy (
 ){
     certmonger_certificate { "${title}-cert":
       hostname     => $hostname,
+      dnsname      => $hostname,
       certfile     => $service_certificate,
       keyfile      => $service_key,
       postsave_cmd => $postsave_cmd,
-- 
cgit 1.2.3-korg