openstack
/
magnum
Code Issues Proposed changes

Add subjectAltName back to CSR config 

Depends-On: I5012dc0900b442cdf11273ee4e970258d13acbad
Closes-Bug: #1568427
Change-Id: Ided789dd9b70d36048f472e9721ed578fc0d9387
This commit is contained in:
Hongbin Lu 2016-04-10 20:31:39 -04:00
parent b882679492
commit 785eb98d5a
3 changed files with 7 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
magnum/templates/kubernetes/fragments/make-cert-client.sh
View File

@ -82,10 +82,7 @@ CN = kubernetes.invalid
[req_ext] [req_ext]
keyUsage=critical,digitalSignature,keyEncipherment keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=clientAuth extendedKeyUsage=clientAuth
# TODO(hongbin): This is a temporary work-around for a gate breakage. subjectAltName=dirName:kubelet,dirName:kubeproxy
# Need to investigate the issue and revert this temporary fix.
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address
#subjectAltName=dirName:kubelet,dirName:kubeproxy
[kubelet] [kubelet]
CN=kubelet CN=kubelet
[kubeproxy] [kubeproxy]

5
magnum/templates/kubernetes/fragments/make-cert.sh
View File

@ -87,10 +87,7 @@ prompt = no
[req_distinguished_name] [req_distinguished_name]
CN = kubernetes.invalid CN = kubernetes.invalid
[req_ext] [req_ext]
# TODO(hongbin): This is a temporary work-around for a gate breakage. subjectAltName = ${sans}
# Need to investigate the issue and revert this temporary fix.
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address
#subjectAltName = ${sans}
extendedKeyUsage = clientAuth,serverAuth extendedKeyUsage = clientAuth,serverAuth
EOF EOF

19
magnum/templates/swarm/fragments/make-cert.py
View File

@ -40,11 +40,7 @@ copy_extensions = copyall
[req_distinguished_name] [req_distinguished_name]
CN = swarm.invalid CN = swarm.invalid
[req_ext] [req_ext]
# TODO(hongbin): This is a temporary work-around for a gate breakage. subjectAltName = %(subject_alt_names)s
# Need to investigate the issue and revert this temporary fix.
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6
# address
#subjectAltName = %(subject_alt_names)s
extendedKeyUsage = clientAuth,serverAuth extendedKeyUsage = clientAuth,serverAuth
""" """
@ -103,15 +99,10 @@ def write_server_key():
def _write_csr_config(config): def _write_csr_config(config):
with open(SERVER_CONF_PATH, 'w') as fp: with open(SERVER_CONF_PATH, 'w') as fp:
# TODO(hongbin): This is a temporary work-around for a gate breakage. params = {
# Need to investigate the issue and revert this temporary fix. 'subject_alt_names': _build_subject_alt_names(config)
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or }
# IPv6 address fp.write(CSR_CONFIG_TEMPLATE % params)
# params = {
# 'subject_alt_names': _build_subject_alt_names(config)
# }
# fp.write(CSR_CONFIG_TEMPLATE % params)
fp.write(CSR_CONFIG_TEMPLATE)
def create_server_csr(config): def create_server_csr(config):