From 7c0263617de52a8ae1d903a6a17b107ed07b7416 Mon Sep 17 00:00:00 2001 From: Andrew Klychkov Date: Fri, 10 Jun 2022 09:24:28 +0200 Subject: [PATCH] mysql_replication: set MASTER_SSL=0 when primary_ssl is set to no --- .../1-mysql_replication_can_disable_master_ssl.yml | 2 ++ plugins/modules/mysql_replication.py | 10 ++++++---- .../tasks/mysql_replication_initial.yml | 3 ++- 3 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml diff --git a/changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml b/changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml new file mode 100644 index 0000000..ceb0d5a --- /dev/null +++ b/changelogs/fragments/1-mysql_replication_can_disable_master_ssl.yml @@ -0,0 +1,2 @@ +bugfixes: +- mysql_replication - when the ``primary_ssl`` argument is set to ``no``, the module will turn off SSL (https://github.com/ansible-collections/community.mysql/issues/393). diff --git a/plugins/modules/mysql_replication.py b/plugins/modules/mysql_replication.py index 46895e3..8e12052 100644 --- a/plugins/modules/mysql_replication.py +++ b/plugins/modules/mysql_replication.py @@ -93,7 +93,6 @@ options: - For details, refer to L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html). type: bool - default: false aliases: [master_ssl] primary_ssl_ca: description: @@ -449,7 +448,7 @@ def main(): primary_log_pos=dict(type='int', aliases=['master_log_pos']), relay_log_file=dict(type='str'), relay_log_pos=dict(type='int'), - primary_ssl=dict(type='bool', default=False, aliases=['master_ssl']), + primary_ssl=dict(type='bool', aliases=['master_ssl']), primary_ssl_ca=dict(type='str', aliases=['master_ssl_ca']), primary_ssl_capath=dict(type='str', aliases=['master_ssl_capath']), primary_ssl_cert=dict(type='str', aliases=['master_ssl_cert']), @@ -577,8 +576,11 @@ def main(): chm.append("RELAY_LOG_FILE='%s'" % relay_log_file) if relay_log_pos is not None: chm.append("RELAY_LOG_POS=%s" % relay_log_pos) - if primary_ssl: - chm.append("MASTER_SSL=1") + if primary_ssl is not None: + if primary_ssl: + chm.append("MASTER_SSL=1") + else: + chm.append("MASTER_SSL=0") if primary_ssl_ca is not None: chm.append("MASTER_SSL_CA='%s'" % primary_ssl_ca) if primary_ssl_capath is not None: diff --git a/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml b/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml index 7f6e554..8272307 100644 --- a/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml +++ b/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml @@ -125,12 +125,13 @@ primary_log_file: '{{ mysql_primary_status.File }}' primary_log_pos: '{{ mysql_primary_status.Position }}' primary_ssl_ca: '' + primary_ssl: no register: result - assert: that: - result is changed - - result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }},MASTER_SSL_CA=''"] + - result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }},MASTER_SSL=0,MASTER_SSL_CA=''"] # Test startreplica mode: - name: Start replica