From aef6a2040c7200197373fca28fcb953b54e05509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BD=D0=B4=D1=80=D0=B5=D0=B9=20=D0=9D=D0=B5=D1=83?= =?UTF-8?q?=D1=81=D1=82=D1=80=D0=BE=D0=B5=D0=B2?= <99169437+aneustroev@users.noreply.github.com> Date: Fri, 2 Sep 2022 13:59:51 +0500 Subject: [PATCH] Add SOURCE_SSL_VERIFY_SERVER_CERT parameter (#435) * Add SOURCE_SSL_VERIFY_SERVER_CERT parameter * Rewiev fixs and add changelog fragment * fix version * Update changelogs/fragments/435-mysql_replication_verify_server_cert.yml Co-authored-by: Andrew Klychkov Co-authored-by: Andrew Klychkov --- .../435-mysql_replication_verify_server_cert.yml | 3 +++ plugins/modules/mysql_replication.py | 10 ++++++++++ 2 files changed, 13 insertions(+) create mode 100644 changelogs/fragments/435-mysql_replication_verify_server_cert.yml diff --git a/changelogs/fragments/435-mysql_replication_verify_server_cert.yml b/changelogs/fragments/435-mysql_replication_verify_server_cert.yml new file mode 100644 index 0000000..8e5a2eb --- /dev/null +++ b/changelogs/fragments/435-mysql_replication_verify_server_cert.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - "mysql_replication - add a new option: ``primary_ssl_verify_server_cert`` (https://github.com//pull/435)." \ No newline at end of file diff --git a/plugins/modules/mysql_replication.py b/plugins/modules/mysql_replication.py index 68f3f22..d63905f 100644 --- a/plugins/modules/mysql_replication.py +++ b/plugins/modules/mysql_replication.py @@ -131,6 +131,12 @@ options: L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html). type: str aliases: [master_ssl_cipher] + primary_ssl_verify_server_cert: + description: + - Same as mysql variable. + type: bool + default: false + version_added: '3.5.0' primary_auto_position: description: - Whether the host uses GTID based replication or not. 
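Review bot: The description `Same as mysql variable.` in the `@@ -131,6 +131,12 @@` hunk tells a reader neither what the option checks nor that it ships disabled. With `default: false`, a play that enables `primary_ssl` gets an encrypted replication channel whose peer identity is not verified, so the replica would accept whatever certificate the host answering on the source address presents. I would replace the text with something like `- Whether the replica verifies the source server's certificate identity when connecting over TLS (C(SOURCE_SSL_VERIFY_SERVER_CERT)).` and `- Only meaningful together with I(primary_ssl=true) and a CA given in I(primary_ssl_ca); when C(false) the connection is encrypted but the source is not authenticated.` A link to the MySQL encrypted-replication documentation, as the neighbouring `primary_ssl_cipher` entry has, would also help.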
@@ -458,6 +464,7 @@ def main(): primary_ssl_cert=dict(type='str', aliases=['master_ssl_cert']), primary_ssl_key=dict(type='str', no_log=False, aliases=['master_ssl_key']), primary_ssl_cipher=dict(type='str', aliases=['master_ssl_cipher']), + primary_ssl_verify_server_cert=dict(type='bool', default=False), primary_use_gtid=dict(type='str', choices=[ 'current_pos', 'replica_pos', 'disabled'], aliases=['master_use_gtid']), primary_delay=dict(type='int', aliases=['master_delay']), @@ -487,6 +494,7 @@ def main(): primary_ssl_cert = module.params["primary_ssl_cert"] primary_ssl_key = module.params["primary_ssl_key"] primary_ssl_cipher = module.params["primary_ssl_cipher"] + primary_ssl_verify_server_cert = module.params["primary_ssl_verify_server_cert"] primary_auto_position = module.params["primary_auto_position"] ssl_cert = module.params["client_cert"] ssl_key = module.params["client_key"] @@ -595,6 +603,8 @@ def main(): chm.append("MASTER_SSL_KEY='%s'" % primary_ssl_key) if primary_ssl_cipher is not None: chm.append("MASTER_SSL_CIPHER='%s'" % primary_ssl_cipher) + if primary_ssl_verify_server_cert: + chm.append("SOURCE_SSL_VERIFY_SERVER_CERT=1") if primary_auto_position: chm.append("MASTER_AUTO_POSITION=1") if primary_use_gtid is not None:
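Review bot: In the `@@ -595,6 +603,8 @@` hunk the new clause is spelled `SOURCE_SSL_VERIFY_SERVER_CERT=1`, while every neighbouring clause appended to `chm` uses the `MASTER_` spelling (`MASTER_SSL_CIPHER`, `MASTER_AUTO_POSITION`). If the statement built from `chm` is the older `CHANGE MASTER TO` form, servers that only know the `MASTER_*` option names (presumably MariaDB and MySQL releases from before the rename) would reject it with a syntax error, so certificate verification could not be switched on there at all. I would either emit `chm.append("MASTER_SSL_VERIFY_SERVER_CERT=1")` to match the siblings, or choose the spelling from the server version if the module already detects it elsewhere. Separately, the `@@ -458,6 +464,7 @@` hunk declares `default=False` and this check is a plain truthiness test, so an explicit `false` never emits `=0` and the module cannot turn verification off again on a replica where it is already on; the option docs should say so. main() starts and ends outside these hunks.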