From 7745cc084b2487a6ee478de44498a5115d3d0cc3 Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Tue, 14 Aug 2018 18:24:48 +0000
Subject: [PATCH] Add VPN host names as alt names for batcave SSH certs

Useful when you need to SSH into batcave through VPN, like from
bastion in a different DC.
---
 inventory/host_vars/batcave01.phx2.fedoraproject.org | 4 ++++
 inventory/host_vars/batcave13.rdu2.fedoraproject.org | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/inventory/host_vars/batcave01.phx2.fedoraproject.org b/inventory/host_vars/batcave01.phx2.fedoraproject.org
index 5a9d39504b..51b54722be 100644
--- a/inventory/host_vars/batcave01.phx2.fedoraproject.org
+++ b/inventory/host_vars/batcave01.phx2.fedoraproject.org
@@ -28,3 +28,7 @@ sar_script: /usr/local/bin/koji_sar.py
 sar_script_user: root
 sar_output_file: koji.json
 
+# Add VPN host name as alt name for SSH cert.  Useful when you need to
+# SSH into batcave through VPN, like from bastion in a different DC.
+ssh_hostnames:
+- batcave01.vpn.fedoraproject.org
diff --git a/inventory/host_vars/batcave13.rdu2.fedoraproject.org b/inventory/host_vars/batcave13.rdu2.fedoraproject.org
index e4e59dc8f1..dcbd9c85bc 100644
--- a/inventory/host_vars/batcave13.rdu2.fedoraproject.org
+++ b/inventory/host_vars/batcave13.rdu2.fedoraproject.org
@@ -40,3 +40,8 @@ num_cpus: 8
 
 ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q root@bastion13.fedoraproject.org"'
 fas_client_groups: sysadmin-main
+
+# Add VPN host name as alt namefor SSH cert.  Useful when you need to
+# SSH into batcave through VPN, like from bastion in a different DC.
+ssh_hostnames:
+- batcave13.vpn.fedoraproject.org