author | Andrew Butcher <abutcher@afrolegs.com> | 2016-12-12 13:58:50 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-12-12 13:58:50 -0500 |
commit | 91fba8015e9e8035cca2444dbbc8954a27e2310e (patch) | |
tree | 52a2fd65c30372821590cdddbed5bea16df4bb03 | |
parent | bf3fa6162880e2dff9c23d42ceb2197e071ba570 (diff) | |
parent | 4f176b7af4a79402f2823a6d47d34addb43b1101 (diff) | |
Merge pull request #2961 from abutcher/node-hostnames-san
Limit node certificate SANs to node hostnames/ips.
-rw-r--r-- | roles/openshift_node_certificates/tasks/main.yml | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 35f84c2cf..717bf3cea 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -64,13 +64,13 @@
 - name: Generate the node server certificate
 command: >
 {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert
- --cert={{ openshift_node_generated_config_dir }}/server.crt
- --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key
- --overwrite=true
- --hostnames={{ openshift.common.all_hostnames |join(",") }}
- --signer-cert={{ openshift_ca_cert }}
- --signer-key={{ openshift_ca_key }}
- --signer-serial={{ openshift_ca_serial }}
+ --cert={{ openshift_node_generated_config_dir }}/server.crt
+ --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key
+ --overwrite=true
+ --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }},{{ openshift.common.ip }},{{ openshift.common.public_ip }}
+ --signer-cert={{ openshift_ca_cert }}
+ --signer-key={{ openshift_ca_key }}
+ --signer-serial={{ openshift_ca_serial }}
 args:
 creates: "{{ openshift_node_generated_config_dir }}/server.crt"
 when: node_certs_missing | bool |
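Review bot: The new `--hostnames=` line joins four facts with literal commas, so an empty `openshift.common.public_hostname` or `openshift.common.public_ip` would leave an empty entry in the SAN list, and identical values (for example hostname equal to public hostname) are passed twice; whether those facts are always populated is not visible in this hunk. Building the list and filtering it keeps the SAN set exact: `--hostnames={{ [openshift.common.hostname, openshift.common.public_hostname, openshift.common.ip, openshift.common.public_ip] | select | unique | join(",") }}`. Separately, the task is still guarded by `creates:` and `when: node_certs_missing | bool`, so node certificates already issued with the full `all_hostnames` SAN list stay in place and remain valid for those extra names until they are regenerated; a comment above the task such as `# SANs are limited to this node's own names/IPs; existing certs are not reissued by this task` would make that explicit.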