[Enhancement] Add support for multiple DNS names in SAN to dockertls. #182

Closed
estenrye opened this issue Aug 9, 2017 · 3 comments

estenrye commented Aug 9, 2017

Use Case:
WHEN a common DNS name exists for all managers in a swarm (e.g. manager.nonprod.blah.io)
AND each node must support communication using the following DNS name examples
  COMPUTERNAME
  COMPUTERNAME.ACTIVE_DIRECTORY_DOMAIN
  manager.nonprod.blah.io
AND each node in the swarm has DockerTLS enabled using the stefanscherer/dockertls-windows image
THEN dockerhost -H COMPUTERNAME ps should execute successfully
AND dockerhost -H COMPUTERNAME.ACTIVE_DIRECTORY_DOMAIN ps should execute successfully
AND dockerhost -H manager.nonprod.blah.io ps should execute successfully.

Suggested Implementation
Add a parameter to createCerts to supply an array of additional DNS names.
Modify the following line of createCerts to iterate over the array of additional DNS names and include them in the subjectAltName.
    "subjectAltName = " + (($ipAddresses.Split(',') | ForEach-Object { "IP:$_" }) -join ',') + ",DNS.1:$serverName" | Out-File extfile.cnf -Encoding Ascii
Use an environment variable $env:ALTERNATIVE_NAMES to load the array of additional DNS names as a comma separated list.
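
The suggested implementation above, written out as an added example (not code from the issue, the pull request or the dockertls image): it builds the subjectAltName line from comma-separated lists, skips empty values, and rejects entries that are not plain IP addresses or host names before they are written to extfile.cnf. The function name New-SubjectAltNameLine, its parameters and the sample host names and addresses are assumptions.

```powershell
# Added example; function, parameter and sample names are hypothetical, not from createCerts.
function New-SubjectAltNameLine {
    param(
        [Parameter(Mandatory)] [string] $ServerName,
        [string] $IPAddresses,       # comma separated, may be empty
        [string] $AlternativeNames   # comma separated, e.g. $env:ALTERNATIVE_NAMES
    )

    # Dot-separated labels of letters, digits and hyphens, 253 characters at most.
    # Commas, colons, spaces and newlines are rejected, so a value taken from the
    # environment cannot add extra entries or directives to extfile.cnf.
    $dnsPattern = '^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'

    $entries = @()

    # Skip the IP entries entirely when no addresses are supplied.
    if (-not [string]::IsNullOrWhiteSpace($IPAddresses)) {
        foreach ($ip in $IPAddresses.Split(',')) {
            $ip = $ip.Trim()
            if ($ip -eq '') { continue }
            $parsed = $null
            if (-not [System.Net.IPAddress]::TryParse($ip, [ref] $parsed)) {
                throw "Not an IP address: '$ip'"
            }
            $entries += "IP:$parsed"   # write the normalized form
        }
    }

    # The server name stays DNS.1; additional names follow as DNS.2, DNS.3, ...
    $dnsNames = @($ServerName)
    if (-not [string]::IsNullOrWhiteSpace($AlternativeNames)) {
        $dnsNames += $AlternativeNames.Split(',')
    }
    $seen = @{}    # hashtable keys compare case-insensitively, like DNS names
    $index = 1
    foreach ($name in $dnsNames) {
        $name = $name.Trim()
        if ($name -eq '' -or $seen.ContainsKey($name)) { continue }
        if ($name -notmatch $dnsPattern) { throw "Not a DNS name: '$name'" }
        $seen[$name] = $true
        $entries += "DNS.${index}:$name"
        $index++
    }
    "subjectAltName = " + ($entries -join ',')
}

# Constructed sample values (host names and addresses are made up for illustration).
New-SubjectAltNameLine -ServerName 'node1' -IPAddresses '10.0.0.5,127.0.0.1' `
    -AlternativeNames 'node1.corp.example, manager.nonprod.blah.io' |
    Out-File extfile.cnf -Encoding Ascii
```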

estenrye commented Aug 9, 2017

I intend to put up a pull request for this enhancement.

estenrye pushed a commit to estenrye/dockerfiles-windows that referenced this issue Aug 9, 2017
This change adds an environment variable to supply additional DNS names to include in the SAN of the certificate that gets generated.

StefanScherer#182

estenrye pushed a commit to estenrye/dockerfiles-windows that referenced this issue Aug 9, 2017
Refactored environment variable ADDITIONAL_NAMES to ALTERNATIVE_NAMES.

Refactored logic that generated Subject Alternative Names to support generation of multiple DNS alternative names from a comma separated list.

Refactored run.ps1 to support taking parameters in addition to environment variables.

StefanScherer#182

estenrye pushed a commit to estenrye/dockerfiles-windows that referenced this issue Aug 9, 2017
Encountered a bug when ALTERNATIVE_NAMES is not supplied.  Added null or whitespace checks to skip adding IP Addresses or Alternative Names when those values are not supplied.

StefanScherer#182

StefanScherer (Owner) commented

@estenrye Thank you. Sounds reasonable. Seems like you also want to write a Cucumber integration test 👍 😃

StefanScherer (Owner) commented

Closed with #183
