Don't force SSL verify-full mode for localhost report DB

[cbosdo]

What does this PR change?

When the report database is installed on the server we don't need and can't use SSL to connect to it using localhost hostname. This comes in handy to avoid hairpin requests in the container setup.

GUI diff

No difference.

• DONE

Documentation

• No documentation needed: only internal and user invisible changes

• DONE

Test coverage

• No tests: container CI will soon use it

• DONE

Links

• DONE

Changelogs

Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository

If you don't need a changelog check, please mark this checkbox:

• No changelog needed

If you uncheck the checkbox after the PR is created, you will need to re-run changelog_test (see below)

Re-run a test

If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:

• Re-run test "changelog_test"
• Re-run test "backend_unittests_pgsql"
• Re-run test "java_pgsql_tests"
• Re-run test "schema_migration_test_pgsql"
• Re-run test "susemanager_unittests"
• Re-run test "javascript_lint"
• Re-run test "spacecmd_unittests"

[github-actions]

Suggested tests to cover this Pull Request

• minssh_salt_install_package
• min_deblike_monitoring
• srv_power_management
• min_salt_mgrcompat_state
• srv_sync_channels
• proxy_cobbler_pxeboot
• allcli_software_channels_dependencies
• srv_content_lifecycle
• minkvm_guests
• srv_task_status_engine
• srv_patches_page
• srv_logfile
• srv_rename_hostname
• srv_docker_cve_audit
• srv_enable_sync_products
• srv_create_repository
• srv_cobbler_profile
• min_empty_system_profiles
• min_ansible_control_node
• srv_reportdb
• min_retracted_patches
• srv_add_rocky8_repositories
• srv_organization_credentials
• allcli_reboot
• min_bootstrap_ssh_key
• srv_manage_activationkey
• min_deblike_salt_install_package
• buildhost_docker_build_image
• srv_custom_system_info
• minssh_bootstrap_api
• srv_advanced_search
• srv_cobbler_distro
• srv_scc_user_credentials
• min_rhlike_ssh
• allcli_update_activationkeys
• srv_datepicker
• min_salt_openscap_audit
• srv_change_password
• srv_user_preferences
• srv_cobbler_sync
• min_salt_install_with_staging
• allcli_config_channel
• min_salt_software_states
• srv_channels_add
• min_bootstrap_api
• min_bootstrap_reactivation
• min_rhlike_monitoring
• srv_distro_cobbler
• min_rhlike_salt_install_package_and_patch
• min_config_state_channel_api
• buildhost_osimage_build_image
• srv_group_union_intersection
• allcli_action_chain
• min_salt_pkgset_beacon
• buildhost_bootstrap
• proxy_branch_network
• srv_virtual_host_manager
• min_cve_id_new_syntax
• allcli_sanity
• min_deblike_ssh
• srv_check_channels_page
• srv_dist_channel_mapping
• min_config_state_channel
• srv_change_task_schedule
• min_salt_minions_page
• srv_delete_channel_with_tool
• srv_notifications
• min_deblike_remote_command
• sle_ssh_minion
• srv_wait_for_reposync
• srv_salt
• min_custom_pkg_download_endpoint
• allcli_software_channels
• srv_maintenance_windows
• sle_minion
• srv_cobbler_buildiso
• minssh_move_from_and_to_proxy
• srv_users
• srv_user_api
• srv_push_package
• min_docker_api
• srv_check_sync_source_packages
• srv_sync_products
• allcli_system_group
• srv_handle_config_channels_with_ISS_v2
• srv_delete_channel_from_ui
• srv_restart
• srv_power_management_redfish
• srv_user_configuration_salt_states
• min_bootstrap_negative
• min_activationkey
• srv_clone_channel_npn
• min_rhlike_salt
• min_salt_formulas_advanced
• srv_handle_software_channels_with_ISS_v2
• srv_manage_channels_page
• srv_mainpage
• min_salt_migration
• min_recurring_action
• proxy_as_pod_basic_tests
• min_salt_minion_details
• min_salt_lock_packages
• min_deblike_openscap_audit
• srv_menu_filter
• srv_check_reposync
• min_check_patches_install
• min_virthost
• srv_power_management_api
• min_move_from_and_to_proxy
• min_project_lotus
• min_config_state_channel_subscriptions
• srv_payg_ssh_connection
• min_timezone
• min_salt_user_states
• srv_activationkey_api
• minssh_ansible_control_node
• min_deblike_salt
• srv_docker
• buildhost_docker_auth_registry
• srv_monitoring
• min_deblike_salt_install_with_staging
• min_cve_audit
• min_rhlike_remote_command
• srv_channel_api
• proxy_retail_pxeboot_and_mass_import
• min_bootstrap_script
• min_rhlike_openscap_audit
• srv_docker_advanced_content_management
• srv_salt_download_endpoint
• proxy_register_as_minion_with_script
• min_salt_install_package
• srv_menu
• min_monitoring
• min_change_software_channel
• min_action_chain
• srv_osimage
• srv_first_settings
• minssh_action_chain
• srv_create_activationkey
• min_salt_formulas
• allcli_overview_systems_details
• srv_disable_local_repos_off
• min_ssh_tunnel

[mbussolotto]

LGTM. I just have one question: what happens if a user would like to change from remote to local db or opposite? I think it would not works, cause it need to change this ssl param. Maybe would it be better if this param is set by uyuni-setup-reportdb (the script used for creating reportdb) ?

[mcalmer]

@mbussolotto AFAIK this PR is targeting the client side of the DB connection. It tells psql CMD tool if it should require SSL or not. By default it require SSL, but if the configured name is "localhost", it is probably not part of the hostnames in the certificate. So we do not require it. This is independent of how the server is configured.

And uyuni-setup-reportdb is to setup the server.