# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# Defaults to undef
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
$hostname,
$postsave_cmd,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = undef,
$principal = undef,
){
include ::certmonger
}
}
+ if $dnsnames {
+ $dnsnames_real = $dnsnames
+ } else {
+ $dnsnames_real = $hostname
+ }
+
certmonger_certificate { "${title}-cert":
ensure => 'present',
ca => $certmonger_ca,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames_real,
certfile => $service_certificate,
keyfile => $service_key,
postsave_cmd => $postsave_cmd,
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# Defaults to undef
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = undef,
$principal = undef,
) {
include ::certmonger
include ::apache::params
+ if $dnsnames {
+ $dnsnames_real = $dnsnames
+ } else {
+ $dnsnames_real = $hostname
+ }
+
$postsave_cmd = "systemctl reload ${::apache::params::service_name}"
certmonger_certificate { $name :
ensure => 'present',
certfile => $service_certificate,
keyfile => $service_key,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames_real,
principal => $principal,
postsave_cmd => $postsave_cmd,
ca => $certmonger_ca,
Code Review / apex-puppet-tripleo.git / commitdiff