Merge "Fix usage of Subject Alternative Name for TLS" into stable/wallaby

Author: Zuul

ansible/roles/certificates/tasks/generate-backend.yml

@@ -39,6 +39,8 @@
     -CA "{{ root_dir }}/root.crt"
     -CAkey "{{ root_dir }}/root.key"
     -CAcreateserial
+    -extensions v3_req
+    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
     -out "{{ backend_dir }}/backend.crt"
     -days 500
     -sha256

ansible/roles/certificates/tasks/generate.yml

@@ -46,6 +46,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla.cnf"
         -out "{{ external_dir }}/external.crt"
         -days 365
         -sha256
@@ -114,6 +116,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla-internal.cnf"
         -out "{{ internal_dir }}/internal.crt"
         -days 365
         -sha256

ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2

@@ -8,14 +8,12 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_internal_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
 
 [alt_names]
 {% if kolla_internal_fqdn != kolla_internal_vip_address %}
 DNS.1 = {{ kolla_internal_fqdn }}
-{% else %}
-IP.1 = {{ kolla_internal_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_internal_vip_address }}

ansible/roles/certificates/templates/openssl-kolla.cnf.j2

@@ -8,14 +8,12 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_external_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
 
 [alt_names]
 {% if kolla_external_fqdn != kolla_external_vip_address %}
 DNS.1 = {{ kolla_external_fqdn }}
-{% else %}
-IP.1 = {{ kolla_external_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_external_vip_address }}