From d5f28a93bd4012e1e27c5ce6b1419d6102aa023d Mon Sep 17 00:00:00 2001
From: Travis Truman <travis_truman@cable.comcast.com>
Date: Fri, 11 Mar 2016 14:06:57 -0500
Subject: [PATCH] Allow cert validation to be toggled by deployers

Default to validation, but allow deployers to override
if they have hosts behind a misbehaving proxy server or
are serving the deb from an alternate location with a
self-signed certificate

Change-Id: I5f104867c6c7dd41d288477a1c330ff3243644fd
---
 defaults/main.yml            | 4 ++++
 tasks/galera_pre_install.yml | 1 +
 2 files changed, 5 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 80a875ca..68dd75f5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -93,6 +93,10 @@ galera_package_url: "https://www.percona.com/downloads/XtraBackup/Percona-XtraBa
 galera_package_sha256: "2f58eedefa905583f0650f77bb2b149139c4066c7fb690202124fe5c7ac83e9e"
 galera_package_path: "/opt/{{ galera_package_url | basename }}"
 
+# Validate SSL certificates when downloading the galera deb above
+# May be set to "no" when proxy server is intercepting the certificates.
+galera_package_download_validate_certs: "yes"
+
 galera_pip_packages:
   - MySQL-python
   - pycrypto
diff --git a/tasks/galera_pre_install.yml b/tasks/galera_pre_install.yml
index 35f6f612..a1c761a1 100644
--- a/tasks/galera_pre_install.yml
+++ b/tasks/galera_pre_install.yml
@@ -103,6 +103,7 @@
     dest: "{{ galera_package_path }}"
     mode: "0644"
     sha256sum: "{{ galera_package_sha256 }}"
+    validate_certs: "{{ galera_package_download_validate_certs }}"
   register: package_download
   retries: 3
   delay: 10