diff --git a/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml b/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml index 52feb9bd2..2610f2254 100644 --- a/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml +++ b/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml @@ -63,8 +63,14 @@ magento_core_config_settings: "{{ magento_core_config_settings + magento_baler_js_bundling_core_config }}" when: magento_scd_advanced_js_bundling and magento_scd_advanced_js_bundling_strategy == 'baler' +- name: Download CA RDS + ansible.builtin.get_url: + url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem + dest: /tmp/eu-central-1-bundle.pem + mode: '0666' + - name: Check if database is initialized - command: mysql -N --batch -u {{ mageops_app_mysql_user|quote }} -p{{ mageops_app_mysql_pass|quote }} -h {{ mageops_mysql_host|quote }} -e "SHOW TABLES FROM `{{ mageops_app_mysql_db }}` LIKE 'admin_user';" + command: mysql --ssl-ca=/tmp/eu-central-1-bundle.pem -N --batch -u {{ mageops_app_mysql_user|quote }} -p{{ mageops_app_mysql_pass|quote }} -h {{ mageops_mysql_host|quote }} -e "SHOW TABLES FROM `{{ mageops_app_mysql_db }}` LIKE 'admin_user';" changed_when: false register: admins diff --git a/roles/cs.magento-configure/tasks/080-core-config.yml b/roles/cs.magento-configure/tasks/080-core-config.yml index e3ec18022..db87a1ae1 100644 --- a/roles/cs.magento-configure/tasks/080-core-config.yml +++ b/roles/cs.magento-configure/tasks/080-core-config.yml 
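Review bot: The CA bundle that the later TLS checks trust is written to `/tmp/eu-central-1-bundle.pem` with `mode: '0666'`, so any local account on the host can replace the trust anchor. Because `get_url` keeps an existing `dest` file unless `force` is set, a file already present at that path is used without being fetched. The same task is repeated in 080-core-config.yml and create-db.yml; in all three I would write the bundle to a root-owned directory with `owner: root` and `mode: '0644'`. On the changed `command:` line, whether `--ssl-ca` alone makes the client verify the certificate and the host name differs between client builds, so state it explicitly: `--ssl-mode=VERIFY_IDENTITY` on the MySQL client, `--ssl-verify-server-cert` on MariaDB. The password is still passed as `-p…` in the argument list, and since the result is registered, `no_log: true` on this task would keep it out of Ansible output.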
@@ -9,12 +9,20 @@ magento_core_config_settings: "{{ magento_core_config_settings + _extra_items }}" when: magento_varnish_host | default(false, true) +- name: Download CA RDS + ansible.builtin.get_url: + url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem + dest: /tmp/eu-central-1-bundle.pem + mode: '0666' + + - name: Ensure core config database settings' values community.mysql.mysql_query: login_db: "{{ mageops_app_mysql_db }}" login_host: "{{ mageops_mysql_host }}" login_user: "{{ mageops_app_mysql_user }}" login_password: "{{ mageops_app_mysql_pass }}" + ca_cert: /tmp/eu-central-1-bundle.pem query: | INSERT INTO `core_config_data` SET @@ -35,6 +43,7 @@ login_host: "{{ mageops_mysql_host }}" login_user: "{{ mageops_app_mysql_user }}" login_password: "{{ mageops_app_mysql_pass }}" + ca_cert: /tmp/eu-central-1-bundle.pem query: | INSERT IGNORE INTO `core_config_data` SET @@ -47,12 +56,14 @@ loop_control: loop_var: magento_db_setting + - name: Ensure core config database settings are absent (defaults are used) community.mysql.mysql_query: login_db: "{{ mageops_app_mysql_db }}" login_host: "{{ mageops_mysql_host }}" login_user: "{{ mageops_app_mysql_user }}" login_password: "{{ mageops_app_mysql_pass }}" + ca_cert: /tmp/eu-central-1-bundle.pem query: | DELETE FROM core_config_data WHERE diff --git a/roles/cs.mysql-configure/tasks/create-db.yml b/roles/cs.mysql-configure/tasks/create-db.yml index 008dc5cd4..a0133473d 100644 --- a/roles/cs.mysql-configure/tasks/create-db.yml +++ b/roles/cs.mysql-configure/tasks/create-db.yml @@ -1,3 +1,9 @@ +- name: Download CA RDS + ansible.builtin.get_url: + url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem + dest: /tmp/eu-central-1-bundle.pem + mode: '0666' + - name: Ensure project database exists mysql_db: login_host: "{{ mageops_mysql_host }}" 
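Review bot: `ca_cert` is added to the three `community.mysql.mysql_query` tasks (this hunk and the ones at -35 and -47) without stating whether the server name is checked against the certificate. That default depends on the collection version and the Python connector on the target, so I would put `check_hostname: true` next to each `ca_cert:` line, provided `mageops_mysql_host` is the endpoint name the certificate was issued for. The hunk also repeats the `Download CA RDS` task from 000-prepare-runtime-config.yml verbatim, and create-db.yml does so a third time. Fetching the bundle once, in a single task file the other roles rely on, leaves one place to correct its location and permissions. The first `mysql_query` task continues past the end of the hunk.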
@@ -5,6 +11,7 @@ login_password: "{{ mageops_mysql_root_pass }}" name: "{{ mageops_app_mysql_db }}" state: present + ca_cert: /tmp/eu-central-1-bundle.pem - name: Ensure project db user for external connections exists mysql_user: @@ -15,6 +22,7 @@ password: "{{ mageops_app_mysql_pass }}" host: "%" state: present + ca_cert: /tmp/eu-central-1-bundle.pem priv: "{{ mageops_app_mysql_db }}.*:{{ mysql_configure_all_db_permissions }}" - name: Ensure project db user for localhost exists @@ -26,5 +34,6 @@ password: "{{ mageops_app_mysql_pass }}" host: "localhost" state: present + ca_cert: /tmp/eu-central-1-bundle.pem priv: "{{ mageops_app_mysql_db }}.*:{{ mysql_configure_all_db_permissions }}" when: mysql_user_localhost_access
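Review bot: `ca_cert: /tmp/eu-central-1-bundle.pem` is added unconditionally to `mysql_db` and both `mysql_user` tasks, so the role now assumes every server it configures is an RDS instance in eu-central-1. The `localhost` user task guarded by `mysql_user_localhost_access` suggests other server setups are supported, and those would presumably fail certificate validation against this bundle. Taking the path from a role variable, for example `ca_cert: "{{ mysql_configure_ca_cert | default(omit) }}"` (the variable name is a suggestion, not an existing one), keeps region and path in one place. Deployments that talk to RDS must then set it, because with the variable unset no CA is passed to the module. All three tasks begin above their hunks.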