Add cluster_local_address to allowed alternative names for etcd server certificate in single mode. etcd listen on real IP and ssl should allow connections. Change-Id: I214e496c47047d867aa769ac1eb0359a5a69934e

commit: 3d1a0df978a9b70b2276713c173da7ebd49d7c1d [log] [tgz]
author: Andrey Shestakov <ashestakov@mirantis.com> Wed Nov 08 01:15:41 2017 +0200
committer: Andrey Shestakov <ashestakov@mirantis.com> Wed Nov 08 01:15:41 2017 +0200
tree: f78bffbe8c44cdaed4cf013110f6a6efb9fc67f9
parent: a153e44e83ec48c72d2c6b5a9af2e248cc79baa0 [diff]
diff --git a/salt/minion/cert/etcd_server_single.yml b/salt/minion/cert/etcd_server_single.yml
index f9fc585..d333fb8 100644
--- a/salt/minion/cert/etcd_server_single.yml
+++ b/salt/minion/cert/etcd_server_single.yml

@@ -7,7 +7,7 @@
           authority: ${_param:salt_minion_ca_authority}
           common_name: ${linux:system:name}
           signing_policy: cert_open
-          alternative_names: IP:127.0.0.1,DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
           extended_key_usage: serverAuth,clientAuth
           key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
           key_file: /var/lib/etcd/etcd-server.key
commit	3d1a0df978a9b70b2276713c173da7ebd49d7c1d	[log] [tgz]
author	Andrey Shestakov <ashestakov@mirantis.com>	Wed Nov 08 01:15:41 2017 +0200
committer	Andrey Shestakov <ashestakov@mirantis.com>	Wed Nov 08 01:15:41 2017 +0200
tree	f78bffbe8c44cdaed4cf013110f6a6efb9fc67f9
parent	a153e44e83ec48c72d2c6b5a9af2e248cc79baa0 [diff]