From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 12 Sep 2016 05:56:04 +0000 (+0300)
Subject: Fill DNS name for haproxy certificates
X-Git-Tag: opnfv-6.0.0~585^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=c3be01556a54e67a5046b0e7f8facf3e5f15e4f9;p=apex-puppet-tripleo.git

Fill DNS name for haproxy certificates

This sets the subject alt name field for the certificates we
auto-generate, which will remove the security warnings we constantly
see in the undercloud. This is the proper way to set certificates,
since the usage of the CN as a replacement for the subjectAltName is
being deprecated (very slowly).

Change-Id: I475cbffd47425e850902838eec06bf461df2acd0
Closes-Bug: #1622446
---

diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 2b738e6..0168227 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -49,6 +49,7 @@ define tripleo::certmonger::haproxy (
 ){
     certmonger_certificate { "${title}-cert":
       hostname     => $hostname,
+      dnsname      => $hostname,
       certfile     => $service_certificate,
       keyfile      => $service_key,
       postsave_cmd => $postsave_cmd,