Fill DNS name for haproxy certificates

This sets the subject alt name field for the certificates we
auto-generate, which will remove the security warnings we constantly
see in the undercloud. This is the proper way to set certificates,
since the usage of the CN as a replacement for the subjectAltName is
being deprecated (very slowly).

Change-Id: I475cbffd47425e850902838eec06bf461df2acd0
Closes-Bug: #1622446

diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 2b738e6..0168227 100644 (file)
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -49,6 +49,7 @@ define tripleo::certmonger::haproxy (
 ){
     certmonger_certificate { "${title}-cert":
       hostname     => $hostname,
+      dnsname      => $hostname,
       certfile     => $service_certificate,
       keyfile      => $service_key,
       postsave_cmd => $postsave_cmd,