Restore missing SAN IP in etcd cert
This patch fixes a regression in the etcd cert that is used with tls-everywhere. The etcd service makes cluster connections using its IP address, so with tls-e the etcd cert needs to include its address as a SAN IP. The SAN IP was inadvertently dropped when cert generation was moved from puppet to an ansible role. Resolves: rhbz#2096230 Change-Id: I28e268c58bf63aaa81a67f48ca492fe97d9a07e9
This commit is contained in:
parent
1a12459ac9
commit
9ed1c7b920
|
@ -314,6 +314,12 @@ outputs:
|
||||||
template: "{{cloud_names.cloud_name_NETWORK}}"
|
template: "{{cloud_names.cloud_name_NETWORK}}"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||||
|
# etcd3 expects to use IP addresses, so add a SAN IP to its cert
|
||||||
|
ip:
|
||||||
|
str_replace:
|
||||||
|
template: "{{NETWORK_ip}}"
|
||||||
|
params:
|
||||||
|
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||||
principal:
|
principal:
|
||||||
str_replace:
|
str_replace:
|
||||||
template: "etcd/{{fqdn_$NETWORK}}@{{idm_realm}}"
|
template: "etcd/{{fqdn_$NETWORK}}@{{idm_realm}}"
|
||||||
|
|
Loading…
Reference in New Issue