Update foreman database SSL params to match the other roles

evgeni · evgeni · commit 372e4e271f7f · 2026-02-18T12:13:40.000+01:00
Renames foreman_database_sslrootcert to foreman_database_ssl_ca
and foreman_database_sslmode to foreman_database_ssl_mode
diff --git a/src/roles/check_database_connection/tasks/main.yaml b/src/roles/check_database_connection/tasks/main.yaml
@@ -8,8 +8,8 @@
       user: "{{ foreman_database_user }}"
       password: "{{ foreman_database_password }}"
       dbname: "{{ foreman_database_name }}"
-      ca_cert: "{{ foreman_database_sslrootcert | default(omit) }}"
-      sslmode: "{{ foreman_database_sslmode | default(omit) }}"
+      ca_cert: "{{ foreman_database_ssl_ca | default(omit) }}"
+      sslmode: "{{ foreman_database_ssl_mode | default(omit) }}"
 
     - name: Candlepin
       host: "{{ candlepin_database_host }}"
diff --git a/src/roles/foreman/defaults/main.yaml b/src/roles/foreman/defaults/main.yaml
@@ -7,8 +7,8 @@ foreman_database_user: foreman
 foreman_database_host: localhost
 foreman_database_port: 5432
 foreman_database_pool: 9
-foreman_database_sslmode: disable
-foreman_database_sslrootcert:
+foreman_database_ssl_mode: disable
+foreman_database_ssl_ca:
 
 foreman_url: "http://{{ ansible_facts['fqdn'] }}:3000"
 
diff --git a/src/roles/foreman/tasks/main.yaml b/src/roles/foreman/tasks/main.yaml
@@ -8,7 +8,7 @@
   containers.podman.podman_secret:
     state: present
     name: foreman-database-url
-    data: "postgresql://{{ foreman_database_user }}:{{ foreman_database_password }}@{{ foreman_database_host }}:{{ foreman_database_port }}/{{ foreman_database_name }}?pool={{ foreman_database_pool }}&sslmode={{ foreman_database_sslmode }}{% if foreman_database_sslrootcert is defined %}&sslrootcert=/etc/foreman/db-ca.crt{% endif %}" # yamllint disable-line rule:line-length
+    data: "postgresql://{{ foreman_database_user }}:{{ foreman_database_password }}@{{ foreman_database_host }}:{{ foreman_database_port }}/{{ foreman_database_name }}?pool={{ foreman_database_pool }}&sslmode={{ foreman_database_ssl_mode }}{% if foreman_database_ssl_ca is defined %}&sslrootcert=/etc/foreman/db-ca.crt{% endif %}" # yamllint disable-line rule:line-length
   notify:
     - Restart foreman
     - Restart dynflow-sidekiq@
@@ -88,7 +88,7 @@
   containers.podman.podman_secret:
     state: present
     name: foreman-db-ca
-    data: "{{ lookup('ansible.builtin.file', foreman_database_sslrootcert) if foreman_database_sslrootcert else 'empty' }}"
+    data: "{{ lookup('ansible.builtin.file', foreman_database_ssl_ca) if foreman_database_ssl_ca else 'empty' }}"
   notify:
     - Restart foreman
     - Restart dynflow-sidekiq@
diff --git a/src/vars/database.yml b/src/vars/database.yml
@@ -26,8 +26,8 @@ pulp_database_ssl_ca: "{{ database_ssl_ca }}"
 
 foreman_database_host: "{{ database_host }}"
 foreman_database_port: "{{ database_port }}"
-foreman_database_sslmode: "{{ database_ssl_mode }}"
-foreman_database_sslrootcert: "{{ database_ssl_ca }}"
+foreman_database_ssl_mode: "{{ database_ssl_mode }}"
+foreman_database_ssl_ca: "{{ database_ssl_ca }}"
 
 postgresql_databases:
   - name: "{{ candlepin_database_name }}"
