pass in the configured DB ca (if any) to the container #345

Merged: evgeni merged 5 commits into master from ssldb on Mar 17, 2026

evgeni (Member) commented Dec 2, 2025

No description provided.

ehelms (Member) commented Dec 2, 2025

This looks related to #141 but is not an aspect I have incorporated. I was wanting to get in a version of remote database testing and then harden it with more of the options.

evgeni (Member, Author) commented Dec 2, 2025

It is, @Gauravtalreja1 ran into this when testing ext db stuff

evgeni force-pushed the ssldb branch 5 times, most recently from f8a1e26 to 1ba7910 (December 2, 2025 17:37)
evgeni force-pushed the ssldb branch 4 times, most recently from 921e621 to 7355577 (December 5, 2025 08:39)

containers.podman.podman_secret:
state: present
name: candlepin-db-ca
data: "{{ lookup('ansible.builtin.file', candlepin_database_ssl_ca) if candlepin_database_ssl_ca else 'empty' }}"
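
Review bot: In the `data:` expression, the fallback branch stores the literal string 'empty' in the candlepin-db-ca secret whenever candlepin_database_ssl_ca is falsy, so the secret always exists but is not a certificate in that case, and nothing in the task says so. A comment on the task stating that the placeholder is intentional, or a more self-describing placeholder string, would let someone inspecting the secret tell a deliberate placeholder from a failed lookup. The conditional also assumes candlepin_database_ssl_ca is always defined; if the role sets no default for it, `candlepin_database_ssl_ca | default('')` would avoid an undefined-variable error.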

Member:

This is creating an empty secret if there is no database SSL cert? Why not use a when conditional on the secret?

Member Author:

Because then I need to also conditionally mount it, and that's painful ;)

Member:

I get that, I worry about this being a red herring while debugging.

Member Author:

What kind of red herring? The file being present?

Member:

Correct. The file / secret being present but empty raises the "should it be empty? or is it accidentally empty?"

Member Author:

That's why the string is "empty", or should I do "this secret was intentionally left blank"?

ehelms (Member) commented Feb 18, 2026

What else do you think is needed to take it out of draft?

evgeni (Member, Author) commented Feb 18, 2026

I wanted to write up some tests to validate it.

evgeni force-pushed the ssldb branch 2 times, most recently from 46aeafa to 3a61d77 (February 19, 2026 08:06)
evgeni force-pushed the ssldb branch 7 times, most recently from 481ca09 to d157f1a (February 19, 2026 10:55)
evgeni force-pushed the ssldb branch 3 times, most recently from a0572e5 to 9adce9d (February 19, 2026 13:12)
evgeni marked this pull request as ready for review February 19, 2026 13:26

evgeni (Member, Author) commented Feb 19, 2026

@ehelms look, no draft!

Gauravtalreja1 left a comment

ACK 🍏
Tested this with foremanctl-1.2.0-1.20260303084744080355.pr345.20.g01afd69.el9.noarch
It works as expected to deploy Foreman with external DB for both SSL and non-SSL

Thank you @evgeni 🚀

evgeni merged commit c349360 into master Mar 17, 2026
11 checks passed
evgeni deleted the ssldb branch March 17, 2026 14:45
evgeni linked an issue Mar 24, 2026 that may be closed by this pull request
Development

Successfully merging this pull request may close these issues.

providing CA certs to containers for ext-DB