From 943f78f175cd21a4d1daff46f95f0c17976e3c6f Mon Sep 17 00:00:00 2001
From: Stephen Benjamin
Date: Tue, 8 Sep 2015 12:58:19 -0400
Subject: [PATCH] refs #11737 - support cnames and add localhost cname to qpid certs
---
 lib/puppet/provider/cert/katello_ssl_tool.rb | 10 ++++++++++
 lib/puppet/type/certs_common.rb | 2 ++
 manifests/candlepin.pp | 4 ++--
 manifests/qpid.pp | 1 +
 4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/lib/puppet/provider/cert/katello_ssl_tool.rb b/lib/puppet/provider/cert/katello_ssl_tool.rb
index 964b2e6c..0ef19420 100644
--- a/lib/puppet/provider/cert/katello_ssl_tool.rb
+++ b/lib/puppet/provider/cert/katello_ssl_tool.rb
@@ -10,6 +10,7 @@ def generate!
 '--server-cert-req', File.basename(req_file),
 '--server-key', File.basename(privkey),
 '--server-rpm', rpmfile_base_name ]
+
 if resource[:custom_pubkey]
 FileUtils.mkdir_p(build_path)
 FileUtils.cp(resource[:custom_pubkey], build_path(File.basename(pubkey)))
@@ -25,6 +26,15 @@ def generate!
 '--ca-key', ca_details[:privkey]])
 args.concat(common_args)
 end
+
+ if resource[:cname]
+ if resource[:cname].is_a?(String)
+ args << ['--set-cname', resource[:cname]]
+ else
+ args << resource[:cname].map { |cname| ['--set-cname', cname] }.flatten
+ end
+ end
+
 katello_ssl_tool(*args)
 super
 end
diff --git a/lib/puppet/type/certs_common.rb b/lib/puppet/type/certs_common.rb
index 96c0db72..0730462f 100644
--- a/lib/puppet/type/certs_common.rb
+++ b/lib/puppet/type/certs_common.rb
@@ -16,6 +16,8 @@ module Certs
 newparam(:common_name)
+ newparam(:cname)
+
 newparam(:email)
 newparam(:country)
diff --git a/manifests/candlepin.pp b/manifests/candlepin.pp
index 8bad42c6..db3ae517 100644
--- a/manifests/candlepin.pp
+++ b/manifests/candlepin.pp
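Review bot: In the added cname block, `args << [...]` appends a nested array as a single element, unlike the `args.concat(...)` calls used earlier in generate!. `katello_ssl_tool(*args)` therefore only receives flat string arguments if the command helper flattens them, which is not visible here. The String/Array branch can be collapsed into one flat append: `args.concat(Array(resource[:cname]).flat_map { |cname| ['--set-cname', cname] })`. generate! begins above the hunk.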
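Review bot: `newparam(:cname)` accepts any value and has no description, while the provider treats it as either a String or something that responds to `map`. A Hash or Integer would reach `katello_ssl_tool` as unexpected arguments or raise in the provider. Each entry presumably becomes an extra name the certificate is valid for, so I would document and constrain it, e.g. `newparam(:cname) { desc 'Extra DNS name(s) for the certificate: a String or an Array of Strings' }`, plus a `validate` block that rejects anything else. The enclosing module starts and ends outside the hunk.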
@@ -87,8 +87,8 @@
 mode => '0750',
 } ~>
 exec { 'create candlepin qpid exchange':
- command => "qpid-config --ssl-certificate ${client_cert} --ssl-key ${client_key} -b 'amqps://${::fqdn}:5671' add exchange topic ${certs::candlepin_qpid_exchange} --durable",
- unless => "qpid-config --ssl-certificate ${client_cert} --ssl-key ${client_key} -b 'amqps://${::fqdn}:5671' exchanges ${certs::candlepin_qpid_exchange}",
+ command => "qpid-config --ssl-certificate ${client_cert} --ssl-key ${client_key} -b 'amqps://localhost:5671' add exchange topic ${certs::candlepin_qpid_exchange} --durable",
+ unless => "qpid-config --ssl-certificate ${client_cert} --ssl-key ${client_key} -b 'amqps://localhost:5671' exchanges ${certs::candlepin_qpid_exchange}",
 require => Service['qpidd'],
 } ~>
 exec { 'import CA into Candlepin truststore':
diff --git a/manifests/qpid.pp b/manifests/qpid.pp
index e9f7e0c0..93c176ac 100644
--- a/manifests/qpid.pp
+++ b/manifests/qpid.pp
@@ -14,6 +14,7 @@
 cert { $qpid_cert_name:
 ensure => present,
 hostname => $::certs::qpid::hostname,
+ cname => 'localhost',
 country => $::certs::country,
 state => $::certs::state,
 city => $::certs::city,
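Review bot: Both `command` and `unless` now connect to `amqps://localhost:5671`, which presumably passes TLS hostname verification only if the broker certificate names `localhost`. That dependency on the `cname => 'localhost'` line in manifests/qpid.pp is not stated at this exec. A broker certificate issued before this change would lack the name, and nothing visible in the hunk re-issues it, so an upgrade could fail here. I would add `# broker cert must carry the 'localhost' cname, see certs::qpid` above the exec and confirm the upgrade path regenerates the certificate. The resource chain starts and ends outside the hunk.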
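Review bot: The hard-coded `cname => 'localhost'` widens what the qpid certificate is valid for, and the reason is not recorded next to it. `localhost` is not unique to this machine, so the certificate and its key would presumably validate for a `localhost` connection on any host that trusts the same CA. The private key's file permissions and distribution therefore matter more than they did with an FQDN-only certificate. I would add a comment such as `# local clients (candlepin's qpid-config exec) connect to amqps://localhost:5671`. The cert resource continues past the end of the hunk.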