Don't use FQDN in CN for libvirt certs According to RFC CN is limited to 63 characters, this patch updates common_name for libvirt certs to use hostname only. FQDN is added to alvernative names. Change-Id: Ib509d73faeb17bcc423a2590de730baddd209d81 Related-Prod: PROD-28275 (cherry picked from commit c464b3b13162adab0512df7c366c0d3643d451ac)

commit: 4d34b5545478ae541ee6b9ca350fc8ebc8de4884 [log] [tgz]
author: Vasyl Saienko <vsaienko@mirantis.com> Mon Apr 01 15:38:12 2019 +0300
committer: Vasyl Saienko <vsaienko@mirantis.com> Tue Apr 02 14:20:02 2019 +0000
tree: 2077ec71d42a1b27c1690488cf5f7a2e899aed98
parent: 606a4d433124793c72cd9afa340b0ee692c17e9d [diff] [blame]
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index ae35ff2..2929869 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml

@@ -10,7 +10,10 @@
         qemu_vnc_server:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:qemu_vnc_ca_authority}
-          common_name: ${linux:system:name}.${_param:cluster_domain}
+          # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+          # Set CN without domain name to fit this requirement.
+          # FQDN is included into alternative names field.
+          common_name: ${linux:system:name}
           signing_policy: cert_server
           alternative_names: >
             IP:${_param:cluster_local_address},
commit	4d34b5545478ae541ee6b9ca350fc8ebc8de4884	[log] [tgz]
author	Vasyl Saienko <vsaienko@mirantis.com>	Mon Apr 01 15:38:12 2019 +0300
committer	Vasyl Saienko <vsaienko@mirantis.com>	Tue Apr 02 14:20:02 2019 +0000
tree	2077ec71d42a1b27c1690488cf5f7a2e899aed98
parent	606a4d433124793c72cd9afa340b0ee692c17e9d [diff] [blame]