From 4443a53b88bc3ad36632447c41d552258f120e4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Thu, 17 Oct 2019 08:49:32 +0200
Subject: [PATCH] Fix OpenSSL template

OpenSSL certificate should default to FQDN if possible.
Using IP addresses is not recommended, complicates dual stack
and limits addressing flexibility.

IPv6 control plane implementation [1] follow-up.

[1] Ia34e6916ea4f99e9522cd2ddde03a0a4776f7e2c

Change-Id: Ibfc02f933ddcc170e9d616d401e294ba0ff5e981
---
 ansible/roles/certificates/templates/openssl-kolla.cnf.j2 | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2 b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
index e580fa613a..4e15b92b82 100644
--- a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
@@ -13,10 +13,8 @@ commonName = {{ kolla_external_fqdn }}
 subjectAltName = @alt_names
 
 [alt_names]
-IP.1 = {{ kolla_external_vip_address }}
-# NOTE(Xing Zhang): Add IPv6 external VIP address to IP.2 when
-# ipv6-control-plane is implemented.
-#IP.2 =
 {% if kolla_external_fqdn != kolla_external_vip_address %}
 DNS.1 = {{ kolla_external_fqdn }}
+{% else %}
+IP.1 = {{ kolla_external_fqdn }}
 {% endif %}