From 4f176b7af4a79402f2823a6d47d34addb43b1101 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Fri, 9 Dec 2016 10:55:29 -0500
Subject: Limit node certificate SAN to node hostnames/ips.

---
 roles/openshift_node_certificates/tasks/main.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 35f84c2cf..717bf3cea 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -64,13 +64,13 @@
 - name: Generate the node server certificate
   command: >
     {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert
-      --cert={{ openshift_node_generated_config_dir }}/server.crt
-      --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key
-      --overwrite=true
-      --hostnames={{ openshift.common.all_hostnames |join(",") }}
-      --signer-cert={{ openshift_ca_cert }}
-      --signer-key={{ openshift_ca_key }}
-      --signer-serial={{ openshift_ca_serial }}
+    --cert={{ openshift_node_generated_config_dir }}/server.crt
+    --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key
+    --overwrite=true
+    --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }},{{ openshift.common.ip }},{{ openshift.common.public_ip }}
+    --signer-cert={{ openshift_ca_cert }}
+    --signer-key={{ openshift_ca_key }}
+    --signer-serial={{ openshift_ca_serial }}
   args:
     creates: "{{ openshift_node_generated_config_dir }}/server.crt"
   when: node_certs_missing | bool
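Review bot: The narrowed `--hostnames` list only applies to certificates generated after this change, because the task is still guarded by `creates: "{{ openshift_node_generated_config_dir }}/server.crt"` and `when: node_certs_missing | bool`. A node that already holds a server.crt issued from `openshift.common.all_hostnames` keeps its presumably broader SAN set until that certificate is redeployed. This is worth a comment above the task, e.g. `# SANs are limited to this node's own names/IPs; certs that already exist are not reissued here`. Separately, the four values are joined with literal commas, so a duplicate (for instance `hostname` equal to `public_hostname`) or an empty value would yield repeated or empty SAN entries. Building and filtering a list avoids that, assuming all four facts are always defined: `--hostnames={{ [openshift.common.hostname, openshift.common.public_hostname, openshift.common.ip, openshift.common.public_ip] | select | unique | join(",") }}`.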
-- 
cgit v1.2.3