Merge "Add ssh pub key for kalmog"
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index d9be1a5..4523183 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -5,7 +5,7 @@
nova_compute_libvirt_allowed_dn_list:
all:
enabled: true
- value: '*CN=cmp*.${_param:cluster_domain}*'
+ value: '*CN=cmp*'
nova:
compute:
libvirt:
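Review bot: The new pattern `'*CN=cmp*'` on the `value:` line no longer pins the cluster domain, so the allow-list accepts any certificate from the trusted CA whose DN contains `CN=cmp`. If that CA also signs certificates for other clusters or environments, this entry no longer separates them, and the leading `*` lets the match fall anywhere in the DN string. I would record the trust assumption next to the value, for example `# CN no longer carries the domain; relies on the CA issuing cmp* certs only to this cluster's compute nodes`. If the hostname scheme allows it, a tighter pattern than a bare prefix would also help. The mapping continues outside the hunk, so other entries in `nova_compute_libvirt_allowed_dn_list` are not visible here.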
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index 31c1b32..d7af492 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -8,7 +8,10 @@
libvirtd_client:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_client
alternative_names: >
IP:${_param:cluster_local_address},
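Review bot: The added NOTE cites RFC2380, which is not an X.509 document (it covers RSVP over ATM), so the reference on the first comment line looks like a typo. The commonName upper bound comes from `ub-common-name` in RFC 5280 (previously RFC 3280), and that bound is 64 characters rather than 63. I would reword the line to `# NOTE(vsaienko) RFC 5280 (ub-common-name) limits CN to 64 characters`. The same comment is repeated verbatim in the hunks for `salt/minion/cert/libvirtd/server.yml` and `salt/minion/cert/libvirtd/vnc_server.yml` and needs the same correction.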
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index b091d86..261ce56 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -8,7 +8,10 @@
libvirtd_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},
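Review bot: With `common_name: ${linux:system:name}` the server certificate's CN is a short hostname, so hostname verification for clients connecting by FQDN now depends entirely on the subjectAltName. The comment says the FQDN is in the alternative names field, but only the `IP:` entry of `alternative_names` is visible and the rest of the folded scalar is outside the hunk. Please confirm that a `DNS:` entry with the FQDN is present. I would make the third comment line state the dependency, e.g. `# FQDN must remain in alternative_names (DNS: entry); hostname verification relies on it.`. The same applies to the `qemu_vnc_server` hunk in `salt/minion/cert/libvirtd/vnc_server.yml`.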
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index ae35ff2..2929869 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml
@@ -10,7 +10,10 @@
qemu_vnc_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:qemu_vnc_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},