openstack-ansible-os_neutron

History

Dmitriy Rabotyagov 18024df25d Refactor galera_use_ssl behaviour With PKI role in place in most cases you don't need to explicitly provide path to the CA file because PKI role ensures that CA is trusted by the system overall. In the meanwhile in PyMySQL [1] you must either provide CA file or cert/key or enable verify. Since current behaviour is to provide path to the custom CA we expect certificate being trusted overall. Thus we enable cert verification when galera_use_ssl is True. [1] `78f0cf99e5/pymysql/connections.py (L267)` Change-Id: I1d9e22487272b1e1f0ce5f66045bc53d7c031d67	2021-09-20 17:57:22 +03:00
..
main.yml	Refactor galera_use_ssl behaviour	2021-09-20 17:57:22 +03:00

Dmitriy Rabotyagov 18024df25d Refactor galera_use_ssl behaviour

With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: I1d9e22487272b1e1f0ce5f66045bc53d7c031d67

2021-09-20 17:57:22 +03:00

main.yml Refactor galera_use_ssl behaviour 2021-09-20 17:57:22 +03:00