Prepare for fqdn on internal endpoints in keystone catalog * Adds hosts entries to each node to map <openstack_control_address> to <openstack_service_hostname>.<domain> * Adds appropriate DNS aliases to openstack API, barbican, novncproxy certs Change-Id: I8fbd0f03a7c60291c66c5fd686052d18d4edc426 Related-Prod: PROD-24975

commit: 71e8c54c8d55df2e7face2cda1e3f57e49566d42 [log] [tgz]
author: Vasyl Saienko <vsaienko@mirantis.com> Fri Nov 16 16:19:17 2018 +0200
committer: Vasyl Saienko <vsaienko@mirantis.com> Mon Nov 19 18:41:59 2018 +0000
tree: 113195f06150f91d5b2415df99fa8c514017030f
parent: b45dbd9a0e93b9e7ee568cdfa30edbf439dbb277 [diff] [blame]
diff --git a/salt/minion/cert/openstack_api.yml b/salt/minion/cert/openstack_api.yml
index 03e8974..3f6af63 100644
--- a/salt/minion/cert/openstack_api.yml
+++ b/salt/minion/cert/openstack_api.yml

@@ -2,7 +2,7 @@
   _param:
     salt_minion_ca_host: ${linux:network:fqdn}
     salt_minion_ca_authority: salt_master_ca
-    openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address}
+    openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
     openstack_api_cert_key_file: "/etc/ssl/private/openstack_api.key"
     openstack_api_cert_cert_file: "/etc/ssl/certs/openstack_api.crt"
     openstack_api_cert_all_file: "/etc/ssl/certs/openstack_api_with_chain.crt"
commit	71e8c54c8d55df2e7face2cda1e3f57e49566d42	[log] [tgz]
author	Vasyl Saienko <vsaienko@mirantis.com>	Fri Nov 16 16:19:17 2018 +0200
committer	Vasyl Saienko <vsaienko@mirantis.com>	Mon Nov 19 18:41:59 2018 +0000
tree	113195f06150f91d5b2415df99fa8c514017030f
parent	b45dbd9a0e93b9e7ee568cdfa30edbf439dbb277 [diff] [blame]