Merge "Fix usage of Subject Alternative Name for TLS"

826dfb45 · Zuul · Gerrit Code Review · 92e635bb · 6409d626 · 826dfb45
Commit 826dfb45 authored 3 years ago by Zuul Committed by Gerrit Code Review 3 years ago
--- a/ansible/roles/certificates/tasks/generate-backend.yml
+++ b/ansible/roles/certificates/tasks/generate-backend.yml
@@ -39,6 +39,8 @@
    -CA "{{ root_dir }}/root.crt"
    -CAkey "{{ root_dir }}/root.key"
    -CAcreateserial
+    -extensions v3_req
+    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
    -out "{{ backend_dir }}/backend.crt"
    -days 500
    -sha256

--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
@@ -46,6 +46,8 @@
        -CA "{{ root_dir }}/root.crt"
        -CAkey "{{ root_dir }}/root.key"
        -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla.cnf"
        -out "{{ external_dir }}/external.crt"
        -days 365
        -sha256
@@ -114,6 +116,8 @@
        -CA "{{ root_dir }}/root.crt"
        -CAkey "{{ root_dir }}/root.key"
        -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla-internal.cnf"
        -out "{{ internal_dir }}/internal.crt"
        -days 365
        -sha256

--- a/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
@@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_internal_fqdn }}
 [v3_req]
 subjectAltName = @alt_names
@@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_internal_fqdn != kolla_internal_vip_address %}
 DNS.1 = {{ kolla_internal_fqdn }}
-{% else %}
-IP.1 = {{ kolla_internal_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_internal_vip_address }}
--- a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
@@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_external_fqdn }}
 [v3_req]
 subjectAltName = @alt_names
@@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_external_fqdn != kolla_external_vip_address %}
 DNS.1 = {{ kolla_external_fqdn }}
-{% else %}
-IP.1 = {{ kolla_external_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_external_vip_address }}