Add check_hostname option to db healthcheck tasks

To allow encrypting connections of db healthcheck tasks, include the check_hostname option to verify a server host name when an SSL connection is required. Also enable galera_require_secure_transport during TLS test jobs. Change-Id: I23d839e75b202d0400aeefe6e98c429e16ecd37e
2024-03-05 08:18:55 -08:00 · 2024-03-05 08:18:55 -08:00 · 6240c769c0
parent e72984ca95
commit 6240c769c0
2 changed files with 5 additions and 0 deletions
--- a/playbooks/healthcheck-infrastructure.yml
+++ b/playbooks/healthcheck-infrastructure.yml
@ -240,6 +240,7 @@
        login_host: "{{ management_address }}"
        name: "OSA-test"
        state: "present"
+        check_hostname: true
      when: inventory_hostname == groups['galera_all'][0]
      tags:
        - skip_ansible_lint
@ -254,6 +255,7 @@
        host: "{{ item }}"
        state: "present"
        priv: "OSA-test.*:ALL"
+        check_hostname: true
      with_items:
        - "localhost"
        - "%"
@ -278,6 +280,7 @@
        name: "osa-tester"
        state: "absent"
        host: "{{ item }}"
+        check_hostname: true
      with_items:
        - "localhost"
        - "%"
@ -290,6 +293,7 @@
        login_host: "{{ management_address }}"
        name: "OSA-test"
        state: "absent"
+        check_hostname: true
      when: inventory_hostname == groups['galera_all'][0]
      tags:
        - skip_ansible_lint
--- a/tests/roles/bootstrap-host/templates/user_variables_tls.yml.j2
+++ b/tests/roles/bootstrap-host/templates/user_variables_tls.yml.j2
@ -17,6 +17,7 @@
 openstack_service_publicuri_proto: https
 openstack_service_adminuri_proto: https
 openstack_service_internaluri_proto: https
+galera_require_secure_transport: True
 haproxy_ssl: True
 haproxy_ssl_all_vips: True
 rabbitmq_management_ssl: True