kolla-ansible/ansible/roles/certificates/templates/openssl-kolla-backend.cnf.j2

[req]
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = US
stateOrProvinceName = NC
localityName = RTP
organizationalUnitName = kolla

[v3_req]
subjectAltName = @alt_names

[alt_names]
{% for host in groups['tls-backend']%}
IP.{{ loop.index }} = {{ 'api' | kolla_address(host) }}
{% endfor %}