Allow cert validation to be toggled by deployers

Default to validation, but allow deployers to override if they have hosts behind a misbehaving proxy server or are serving the deb from an alternate location with a self-signed certificate Change-Id: I5f104867c6c7dd41d288477a1c330ff3243644fd
2016-03-11 14:06:57 -05:00 · 2016-03-11 14:06:57 -05:00 · d5f28a93bd
commit d5f28a93bd
parent 785dd15d1a
2 changed files with 5 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -93,6 +93,10 @@ galera_package_url: "https://www.percona.com/downloads/XtraBackup/Percona-XtraBa
 galera_package_sha256: "2f58eedefa905583f0650f77bb2b149139c4066c7fb690202124fe5c7ac83e9e"
 galera_package_path: "/opt/{{ galera_package_url | basename }}"

+# Validate SSL certificates when downloading the galera deb above
+# May be set to "no" when proxy server is intercepting the certificates.
+galera_package_download_validate_certs: "yes"
+
 galera_pip_packages:
  - MySQL-python
  - pycrypto
--- a/tasks/galera_pre_install.yml
+++ b/tasks/galera_pre_install.yml
@ -103,6 +103,7 @@
    dest: "{{ galera_package_path }}"
    mode: "0644"
    sha256sum: "{{ galera_package_sha256 }}"
+    validate_certs: "{{ galera_package_download_validate_certs }}"
  register: package_download
  retries: 3
  delay: 10