From 2167e47182b274325d4a83292445a54ca40d1289 Mon Sep 17 00:00:00 2001 From: Oliver Walsh Date: Mon, 15 Jul 2024 16:20:06 +0100 Subject: [PATCH] Use short hostname for CommonName in node cert CommonName is limited to 64bytes so not safe to use the fqdn. QEMU/libvirt actaully expect CN to be the short hostname: $ virt-pki-validate ... The server certificate does not seem to match the host name hostname: "edpm-compute-0" Server certificate CN: "edpm-compute-0.ctlplane.example.com" Related: OSPRH-8652
---
pkg/dataplane/cert.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pkg/dataplane/cert.go b/pkg/dataplane/cert.go
index a13db62ca..afc9b22ca 100644
--- a/pkg/dataplane/cert.go
+++ b/pkg/dataplane/cert.go
@@ -170,8 +170,10 @@ func EnsureTLSCerts(ctx context.Context, helper *helper.Helper, nodeName) } + commonName := strings.Split(baseName, ".")[0] + certSecret, result, err = GetTLSNodeCert(ctx, helper, instance, certName, - issuer, labels, baseName, hosts, ips, service.Spec.TLSCerts[certKey].KeyUsages) + issuer, labels, commonName, hosts, ips, service.Spec.TLSCerts[certKey].KeyUsages) // handle cert request errors if (err != nil) || (result != ctrl.Result{}) {
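Review bot: The value from the added `commonName := strings.Split(baseName, ".")[0]` goes into the certificate subject unchecked. An empty first label, or a `baseName` that is an IP address rather than a hostname (the hunk does not rule this out), would yield a blank or single-octet CN, and nothing enforces the 64-byte limit the commit message cites. A guard directly after the split, `if commonName == "" || len(commonName) > 64 {`, returning an error the way the function's other failure paths do, would reject those cases before `GetTLSNodeCert` is called. Short hostnames are also not unique across DNS domains, so any peer that authorizes by CN alone cannot tell same-named nodes apart. A comment such as `// CN is the short hostname (64-byte limit; libvirt/QEMU compare it with the host name); full names are carried in hosts` would record that the truncation is deliberate, assuming `hosts` still feeds the SANs. As a style point, `commonName, _, _ := strings.Cut(baseName, ".")` is the idiomatic split-once form; the body of `EnsureTLSCerts` starts and ends outside this hunk.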