commit 8704f3599e3ba2a693e1c80900eddf735de8c6d8
author Oleh Hryhorov <ohryhorov@mirantis.com> Thu Oct 11 13:12:32 2018 +0300
committer Oleh Hryhorov <ohryhorov@mirantis.com> Thu Oct 11 13:12:32 2018 +0300
tree 28c7098e3e11edbd7469b818bf7cf423e5ea465e
parent 66e3c0ae0ec21443f45a31880c050ae7dd137afc

Adding barbican VIP address to subjectAltName

The patch adds barbican VIP to subjectAltName because of
standard behavior of librequest which compares FQDN in request
with name from DNS [0].

[0] http://docs.python-requests.org/en/master/user/advanced/#verification
[1] http://docs.python-requests.org/en/master/community/faq/

Change-Id: I7149ccd525bc59f8dd802346c81e0d21116f0687
Related-PROD: PROD-23871

salt/minion/cert/barbican.yml

diff --git a/salt/minion/cert/barbican.yml b/salt/minion/cert/barbican.yml
index f499732..b53d07d 100644
--- a/salt/minion/cert/barbican.yml
+++ b/salt/minion/cert/barbican.yml
@@ -2,7 +2,7 @@
   _param:
     salt_minion_ca_host: kmn01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
-    barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+    barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address}
   salt:
     minion:
         cert: