-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't force SSL verify-full mode for localhost report DB #7459
Conversation
When the report database is installed on the server we don't need and can't use SSL to connect to it using localhost hostname. This comes in handy to avoid hairpin requests in the container setup.
Suggested tests to cover this Pull Request
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I just have one question: what happens if a user would like to change from remote to local db or opposite? I think it would not works, cause it need to change this ssl param. Maybe would it be better if this param is set by uyuni-setup-reportdb
(the script used for creating reportdb) ?
@mbussolotto AFAIK this PR is targeting the client side of the DB connection. It tells psql CMD tool if it should require SSL or not. By default it require SSL, but if the configured name is "localhost", it is probably not part of the hostnames in the certificate. So we do not require it. This is independent of how the server is configured. And uyuni-setup-reportdb is to setup the server. |
What does this PR change?
When the report database is installed on the server we don't need and can't use SSL to connect to it using localhost hostname. This comes in handy to avoid hairpin requests in the container setup.
GUI diff
No difference.
Documentation
No documentation needed: only internal and user invisible changes
DONE
Test coverage
No tests: container CI will soon use it
DONE
Links
Changelogs
Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository
If you don't need a changelog check, please mark this checkbox:
If you uncheck the checkbox after the PR is created, you will need to re-run
changelog_test
(see below)Re-run a test
If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run: