Merge "Fix usage of Subject Alternative Name for TLS"

2022-01-27 16:53:28 +00:00 · 2022-01-27 16:53:28 +00:00 · 826dfb4547
commit 826dfb4547
parent 92e635bb0a 6409d62650
4 changed files with 8 additions and 6 deletions
--- a/ansible/roles/certificates/tasks/generate-backend.yml
+++ b/ansible/roles/certificates/tasks/generate-backend.yml
@ -39,6 +39,8 @@
    -CA "{{ root_dir }}/root.crt"
    -CAkey "{{ root_dir }}/root.key"
    -CAcreateserial
+    -extensions v3_req
+    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
    -out "{{ backend_dir }}/backend.crt"
    -days 500
    -sha256
--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
@ -46,6 +46,8 @@
        -CA "{{ root_dir }}/root.crt"
        -CAkey "{{ root_dir }}/root.key"
        -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla.cnf"
        -out "{{ external_dir }}/external.crt"
        -days 365
        -sha256
@ -114,6 +116,8 @@
        -CA "{{ root_dir }}/root.crt"
        -CAkey "{{ root_dir }}/root.key"
        -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla-internal.cnf"
        -out "{{ internal_dir }}/internal.crt"
        -days 365
        -sha256
--- a/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_internal_fqdn }}

 [v3_req]
 subjectAltName = @alt_names
@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_internal_fqdn != kolla_internal_vip_address %}
 DNS.1 = {{ kolla_internal_fqdn }}
-{% else %}
-IP.1 = {{ kolla_internal_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_internal_vip_address }}
--- a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_external_fqdn }}

 [v3_req]
 subjectAltName = @alt_names
@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_external_fqdn != kolla_external_vip_address %}
 DNS.1 = {{ kolla_external_fqdn }}
-{% else %}
-IP.1 = {{ kolla_external_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_external_vip_address }}