From 3cef1a78c1efde2db3e37fe23aa8253cf2e704e4 Mon Sep 17 00:00:00 2001
From: Alfredo Moralejo <amoralej@redhat.com>
Date: Thu, 11 Jan 2024 15:27:49 +0100
Subject: [PATCH] Undefine ssl certificate parameters for mariadb

After mariadb 10.5.18, mariadb fails to start if ssl cert parameters
are configured in the file but the certificates do not exist [1]. This
problem was fixed in puppetlabs-mysql 13.1.0[2] but we use older
versions (13.0.0 in stable/zed for example) in stable branch jobs.

CentOS Stream 9 has just bumped to mariadb-10.5.22 and this is breaking
all non-ssl jobs.

All releases <= Zed didn't use ssl in mariadb with p-o-i deployments
but puppetlabs-mysql set default values so we need to explicitly
undefine them.

[1] https://mariadb.com/kb/en/mariadb-10-5-18-release-notes/#ssl
[2] https://github.com/puppetlabs/puppetlabs-mysql/issues/1509

Change-Id: Ibe0a00c02dcf855b313ea2e31f098e3d46d2c088
(cherry picked from commit 110821810d35fa69576f46c8960cb317893ac08e)
(cherry picked from commit 0df0cccba6d67293b2acfc41e92806a2c9d73383)
(cherry picked from commit dcf83787866461dcdc074e8684e2ac8b5b1c52d2)
---
 manifests/mysql.pp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/manifests/mysql.pp b/manifests/mysql.pp
index d3a7e085e..167c05405 100644
--- a/manifests/mysql.pp
+++ b/manifests/mysql.pp
@@ -1,6 +1,14 @@
 class openstack_integration::mysql {
 
-  class { 'mysql::server': }
+  class { 'mysql::server':
+    override_options => {
+      'mysqld' => {
+        'ssl-ca'   => undef,
+        'ssl-cert' => undef,
+        'ssl-key'  => undef,
+      },
+    },
+  }
 
   # FIXME (amoralej) Required until a new release of mariadb-libs is released by RDO
   # Fedora and CentOS8 do not have mariadb-libs, so changing only for CentOS