Merge pull request #2961 from abutcher/node-hostnames-san

Limit node certificate SANs to node hostnames/ips.

1 files changed, 7 insertions, 7 deletions

diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 35f84c2cf..717bf3cea 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -64,13 +64,13 @@
 - name: Generate the node server certificate
   command: >
     {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert
-      --cert={{ openshift_node_generated_config_dir }}/server.crt
-      --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key
-      --overwrite=true
-      --hostnames={{ openshift.common.all_hostnames |join(",") }}
-      --signer-cert={{ openshift_ca_cert }}
-      --signer-key={{ openshift_ca_key }}
-      --signer-serial={{ openshift_ca_serial }}
+    --cert={{ openshift_node_generated_config_dir }}/server.crt
+    --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key
+    --overwrite=true
+    --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }},{{ openshift.common.ip }},{{ openshift.common.public_ip }}
+    --signer-cert={{ openshift_ca_cert }}
+    --signer-key={{ openshift_ca_key }}
+    --signer-serial={{ openshift_ca_serial }}
   args:
     creates: "{{ openshift_node_generated_config_dir }}/server.crt"
   when: node_certs_missing | bool