diff --git a/bin/openssl_proxy.sh b/bin/openssl_proxy.sh index e1117af175f8..45bd11a815b3 100755 --- a/bin/openssl_proxy.sh +++ b/bin/openssl_proxy.sh @@ -9,6 +9,7 @@ temp_certs_path="" key_path="" keyname="" hostname="" +hostname_type="" show_help() { cat >&1 <<-EOT @@ -47,6 +48,9 @@ node certs generation) --keyname, --kn, -kn Name of the key to be generated. + + --hostname-type, --ht, -ht + Hostname type. Accepted vales: IP/DNS --------------------------------------------------------------------------------------------------- EOT } @@ -107,9 +111,13 @@ generate_node_certs() { [ req_ext ] subjectAltName = @alt_names - [alt_names] - IP.1 = '"$hostname"'' > "$temp_certs_path"/node.conf + [alt_names]' > "$temp_certs_path"/node.conf + if [[ $hostname_type == "DNS" ]]; then + echo 'DNS.1 = '"$hostname"'' >> "$temp_certs_path"/node.conf + else + echo 'IP.1 = '"$hostname"'' >> "$temp_certs_path"/node.conf + fi openssl genrsa -out "$temp_certs_path"/node."$hostname".key chmod 400 "$temp_certs_path"/node."$hostname".key @@ -169,6 +177,10 @@ while [[ $# -gt 0 ]]; do hostname="$2" shift ;; + --hostname_type|--ht|-ht) + hostname_type="$2" + shift + ;; generate-key) key_generation=true ;; diff --git a/bin/yugabyted b/bin/yugabyted index 56c2c0d8b0f9..5b19badfc50b 100755 --- a/bin/yugabyted +++ b/bin/yugabyted @@ -1954,8 +1954,12 @@ class ControlScript(object): "root-ca certs database. Removing...") shutil.rmtree(node_certs_dir) + if self.configs.saved_data.get("dns_enabled"): + hostname_type = "DNS" + else: + hostname_type = "IP" status = OpenSSLProxy.generate_node_server_certs(root_certs_dir=root_certs_dir, - hostname=hostname, server_cert_dir=node_certs_dir) + hostname=hostname, server_cert_dir=node_certs_dir, hostname_type=hostname_type) if not status: status_details = [ 
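Review bot: The help text added to show_help advertises `--hostname-type`, but the option-parsing hunk further down matches `--hostname_type|--ht|-ht`, so the long form as documented is not recognised by that case arm. Either accept both spellings in the pattern, `--hostname-type|--hostname_type|--ht|-ht)`, or change the help line to match the parser. The same help line misspells "values" as "vales".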
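Review bot: In generate_node_certs, any `hostname_type` other than the exact string `DNS` (including `dns` or a typo) silently produces an `IP.1` entry. A DNS name can therefore land in an IP-address SAN, and the mismatch only shows up later as an OpenSSL failure or a certificate that peers reject. The value should be checked against the two accepted types, keeping the empty default as IP for existing callers and rejecting everything else. `$hostname` is written into node.conf verbatim, so it is also worth refusing values that contain whitespace or newlines before this point. The function starts and ends outside the hunk.

```shell
# … unchanged: node.conf header ending with '[alt_names]' …
case "$hostname_type" in
  DNS)
    san_entry="DNS.1 = $hostname"
    ;;
  IP | "")
    # Empty keeps the previous behaviour for callers that do not pass -ht.
    san_entry="IP.1 = $hostname"
    ;;
  *)
    echo "Invalid hostname type '$hostname_type' (expected IP or DNS)" >&2
    exit 1
    ;;
esac
echo "$san_entry" >> "$temp_certs_path"/node.conf
# … unchanged: openssl genrsa and chmod …
```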
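Review bot: The SAN type is chosen from the saved `dns_enabled` flag rather than from the `hostname` value passed on the following line, so the two can disagree. If `dns_enabled` is set while `hostname` holds an IP literal, the certificate gets `DNS.1 = <ip>`, which clients that follow RFC 6125-style matching generally do not accept for a connection made by IP address. Whether that combination can occur depends on code outside this hunk. If it can, derive the type from the value itself (for instance by attempting to parse it as an IP address), or check that flag and value agree before calling `generate_node_server_certs`. A comment such as `# SAN entry type must match how peers address this node` would also help; the enclosing method starts and ends outside the hunk.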
@@ -9094,9 +9098,10 @@ class OpenSSLProxy(object): # Generate node server certificates @staticmethod - def generate_node_server_certs(root_certs_dir, server_cert_dir, hostname, timeout=60): + def generate_node_server_certs(root_certs_dir, server_cert_dir, hostname, hostname_type, + timeout=60): cmd = OpenSSLProxy.cmd_args + ['generate-server-cert', '-rcp', root_certs_dir, - '-scp', server_cert_dir, '-hn', hostname] + '-scp', server_cert_dir, '-hn', hostname, '-ht', hostname_type] out, err, ret = run_process(cmd, timeout=timeout, log_cmd=True) return (0 == ret)
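Review bot: `hostname_type` is inserted as a required positional parameter ahead of `timeout`, so any caller not updated in this commit either raises `TypeError` or, if it passed `timeout` positionally, now binds that value to `hostname_type`. Only one call site is visible in this diff; if others exist, a backward-compatible signature is `def generate_node_server_certs(root_certs_dir, server_cert_dir, hostname, timeout=60, hostname_type="IP"):`. The value is forwarded to the script unchecked, so a guard like `if hostname_type not in ("IP", "DNS"): return False` before building `cmd` keeps an unexpected string from silently becoming an IP SAN. A docstring stating the accepted values would be worth adding.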