diff --git a/plugins/modules/mysql_replication.py b/plugins/modules/mysql_replication.py index b902da0..deb2a0c 100644 --- a/plugins/modules/mysql_replication.py +++ b/plugins/modules/mysql_replication.py @@ -493,7 +493,7 @@ def main(): primary_ssl_cert=dict(type='str', aliases=['master_ssl_cert']), primary_ssl_key=dict(type='str', no_log=False, aliases=['master_ssl_key']), primary_ssl_cipher=dict(type='str', aliases=['master_ssl_cipher']), - primary_ssl_verify_server_cert=dict(type='bool', default=False), + primary_ssl_verify_server_cert=dict(type='bool'), primary_use_gtid=dict(type='str', choices=[ 'current_pos', 'replica_pos', 'disabled'], aliases=['master_use_gtid']), primary_delay=dict(type='int', aliases=['master_delay']), @@ -641,8 +641,11 @@ def main(): chm.append("%s='%s'" % (command_resolver.resolve_command('MASTER_SSL_KEY'), primary_ssl_key)) if primary_ssl_cipher is not None: chm.append("%s='%s'" % (command_resolver.resolve_command('MASTER_SSL_CIPHER'), primary_ssl_cipher)) - if primary_ssl_verify_server_cert: - chm.append("%s=1" % command_resolver.resolve_command('MASTER_SSL_VERIFY_SERVER_CERT')) + if primary_ssl_verify_server_cert is not None: + if primary_ssl_verify_server_cert: + chm.append("%s=1" % command_resolver.resolve_command('MASTER_SSL_VERIFY_SERVER_CERT')) + else: + chm.append("%s=0" % command_resolver.resolve_command('MASTER_SSL_VERIFY_SERVER_CERT')) if primary_auto_position: chm.append("%s=1" % command_resolver.resolve_command('MASTER_AUTO_POSITION')) if primary_use_gtid is not None: @@ -723,8 +726,11 @@ def main(): chm.append("SOURCE_SSL_KEY='%s'" % primary_ssl_key) if primary_ssl_cipher is not None: chm.append("SOURCE_SSL_CIPHER='%s'" % primary_ssl_cipher) - if primary_ssl_verify_server_cert: - chm.append("SOURCE_SSL_VERIFY_SERVER_CERT=1") + if primary_ssl_verify_server_cert is not None: + if primary_ssl_verify_server_cert: + chm.append("%s=1" % command_resolver.resolve_command('MASTER_SSL_VERIFY_SERVER_CERT')) + else: + chm.append("%s=0" % command_resolver.resolve_command('MASTER_SSL_VERIFY_SERVER_CERT')) if primary_auto_position: chm.append("SOURCE_AUTO_POSITION=1") try: diff --git a/tests/integration/targets/test_mysql_replication/tasks/issue-689.yml b/tests/integration/targets/test_mysql_replication/tasks/issue-689.yml new file mode 100644 index 0000000..cc79d6d --- /dev/null +++ b/tests/integration/targets/test_mysql_replication/tasks/issue-689.yml @@ -0,0 +1,40 @@ +--- + +- vars: + mysql_parameters: &mysql_params + login_user: '{{ mysql_user }}' + login_password: '{{ mysql_password }}' + login_host: '{{ mysql_host }}' + login_port: '{{ mysql_primary_port }}' + block: + + - name: Disable ssl verification + community.mysql.mysql_replication: + <<: *mysql_params + login_port: '{{ mysql_replica1_port }}' + mode: changeprimary + primary_ssl_verify_server_cert: false + register: result + + - name: Assert that changeprimmary is changed and return expected query for MariaDB and MySQL < 8.0.23 + ansible.builtin.assert: + that: + - result is changed + - result.queries == expected_queries + when: + - > + db_engine == 'mariadb' or + (db_engine == 'mysql' and db_version is version('8.0.23', '<')) + vars: + expected_queries: ["CHANGE MASTER TO MASTER_SSL_VERIFY_SERVER_CERT=0"] + + - name: Assert that changeprimmary is changed and return expected query for MySQL > 8.0.23 + ansible.builtin.assert: + that: + - result is changed + - result.queries == expected_queries + when: + - db_engine == 'mysql' + - db_version is version('8.0.23', '>=') + vars: + expected_queries: ["CHANGE REPLICATION SOURCE TO SOURCE_SSL_VERIFY_SERVER_CERT=0"] diff --git a/tests/integration/targets/test_mysql_replication/tasks/main.yml b/tests/integration/targets/test_mysql_replication/tasks/main.yml index 32ce553..9e88203 100644 --- a/tests/integration/targets/test_mysql_replication/tasks/main.yml +++ b/tests/integration/targets/test_mysql_replication/tasks/main.yml @@ -31,3 +31,6 @@ when: - db_engine == 'mysql' - db_version is version('8.0.23', '>=') + +# primary_ssl_verify_server_cert +- import_tasks: issue-689.yml