From 785eb98d5a4bf22598d033bf36f93a980e5b5806 Mon Sep 17 00:00:00 2001 From: Hongbin Lu Date: Sun, 10 Apr 2016 20:31:39 -0400 Subject: [PATCH] Add subjectAltName back to CSR config Depends-On: I5012dc0900b442cdf11273ee4e970258d13acbad Closes-Bug: #1568427 Change-Id: Ided789dd9b70d36048f472e9721ed578fc0d9387 --- .../kubernetes/fragments/make-cert-client.sh | 5 +---- .../kubernetes/fragments/make-cert.sh | 5 +---- magnum/templates/swarm/fragments/make-cert.py | 19 +++++-------------- 3 files changed, 7 insertions(+), 22 deletions(-) diff --git a/magnum/templates/kubernetes/fragments/make-cert-client.sh b/magnum/templates/kubernetes/fragments/make-cert-client.sh index 9a8822fbc8..2b076bf28b 100644 --- a/magnum/templates/kubernetes/fragments/make-cert-client.sh +++ b/magnum/templates/kubernetes/fragments/make-cert-client.sh @@ -82,10 +82,7 @@ CN = kubernetes.invalid [req_ext] keyUsage=critical,digitalSignature,keyEncipherment extendedKeyUsage=clientAuth -# TODO(hongbin): This is a temporary work-around for a gate breakage. -# Need to investigate the issue and revert this temporary fix. -# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address -#subjectAltName=dirName:kubelet,dirName:kubeproxy +subjectAltName=dirName:kubelet,dirName:kubeproxy [kubelet] CN=kubelet [kubeproxy] diff --git a/magnum/templates/kubernetes/fragments/make-cert.sh b/magnum/templates/kubernetes/fragments/make-cert.sh index d1b6dd8109..fa43480ec1 100644 --- a/magnum/templates/kubernetes/fragments/make-cert.sh +++ b/magnum/templates/kubernetes/fragments/make-cert.sh @@ -87,10 +87,7 @@ prompt = no [req_distinguished_name] CN = kubernetes.invalid [req_ext] -# TODO(hongbin): This is a temporary work-around for a gate breakage. -# Need to investigate the issue and revert this temporary fix. -# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address -#subjectAltName = ${sans} +subjectAltName = ${sans} extendedKeyUsage = clientAuth,serverAuth EOF diff --git a/magnum/templates/swarm/fragments/make-cert.py b/magnum/templates/swarm/fragments/make-cert.py index db3addecd3..63bffb68e4 100644 --- a/magnum/templates/swarm/fragments/make-cert.py +++ b/magnum/templates/swarm/fragments/make-cert.py @@ -40,11 +40,7 @@ copy_extensions = copyall [req_distinguished_name] CN = swarm.invalid [req_ext] -# TODO(hongbin): This is a temporary work-around for a gate breakage. -# Need to investigate the issue and revert this temporary fix. -# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 -# address -#subjectAltName = %(subject_alt_names)s +subjectAltName = %(subject_alt_names)s extendedKeyUsage = clientAuth,serverAuth """ @@ -103,15 +99,10 @@ def write_server_key(): def _write_csr_config(config): with open(SERVER_CONF_PATH, 'w') as fp: - # TODO(hongbin): This is a temporary work-around for a gate breakage. - # Need to investigate the issue and revert this temporary fix. - # Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or - # IPv6 address - # params = { - # 'subject_alt_names': _build_subject_alt_names(config) - # } - # fp.write(CSR_CONFIG_TEMPLATE % params) - fp.write(CSR_CONFIG_TEMPLATE) + params = { + 'subject_alt_names': _build_subject_alt_names(config) + } + fp.write(CSR_CONFIG_TEMPLATE % params) def create_server_csr(config):