From 04aa13f6d686e08457c5dc88f89141dd2e43f09a Mon Sep 17 00:00:00 2001 From: Andrew Klychkov Date: Mon, 13 Jun 2022 09:13:58 +0300 Subject: [PATCH] mysql_replication: set MASTER_SSL=0 when primary_ssl is set to no (#397) * mysql_replication: set MASTER_SSL=0 when primary_ssl is set to no * Improve doc --- .../1-mysql_replication_can_disable_master_ssl.yml | 2 ++ plugins/modules/mysql_replication.py | 11 +++++++---- .../tasks/mysql_replication_initial.yml | 3 ++- 3 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml diff --git a/changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml b/changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml new file mode 100644 index 0000000..ceb0d5a --- /dev/null +++ b/changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml @@ -0,0 +1,2 @@ +bugfixes: +- mysql_replication - when the ``primary_ssl`` argument is set to ``no``, the module will turn off SSL (https://github.com/ansible-collections/community.mysql/issues/393). diff --git a/plugins/modules/mysql_replication.py b/plugins/modules/mysql_replication.py index 46895e3..f4c21b9 100644 --- a/plugins/modules/mysql_replication.py +++ b/plugins/modules/mysql_replication.py @@ -92,8 +92,8 @@ options: if an encrypted connection can be established. - For details, refer to L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html). + - The default is C(false). type: bool - default: false aliases: [master_ssl] primary_ssl_ca: description: @@ -449,7 +449,7 @@ def main(): primary_log_pos=dict(type='int', aliases=['master_log_pos']), relay_log_file=dict(type='str'), relay_log_pos=dict(type='int'), - primary_ssl=dict(type='bool', default=False, aliases=['master_ssl']), + primary_ssl=dict(type='bool', aliases=['master_ssl']), primary_ssl_ca=dict(type='str', aliases=['master_ssl_ca']), primary_ssl_capath=dict(type='str', aliases=['master_ssl_capath']), primary_ssl_cert=dict(type='str', aliases=['master_ssl_cert']), @@ -577,8 +577,11 @@ def main(): chm.append("RELAY_LOG_FILE='%s'" % relay_log_file) if relay_log_pos is not None: chm.append("RELAY_LOG_POS=%s" % relay_log_pos) - if primary_ssl: - chm.append("MASTER_SSL=1") + if primary_ssl is not None: + if primary_ssl: + chm.append("MASTER_SSL=1") + else: + chm.append("MASTER_SSL=0") if primary_ssl_ca is not None: chm.append("MASTER_SSL_CA='%s'" % primary_ssl_ca) if primary_ssl_capath is not None: diff --git a/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml b/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml index 7f6e554..8272307 100644 --- a/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml +++ b/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml @@ -125,12 +125,13 @@ primary_log_file: '{{ mysql_primary_status.File }}' primary_log_pos: '{{ mysql_primary_status.Position }}' primary_ssl_ca: '' + primary_ssl: no register: result - assert: that: - result is changed - - result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }},MASTER_SSL_CA=''"] + - result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }},MASTER_SSL=0,MASTER_SSL_CA=''"] # Test startreplica mode: - name: Start replica