From 1e4530d27f0916d1e1b2a6f5c4f425924cc0bfed Mon Sep 17 00:00:00 2001
From: Daniel Rodowicz <drodowic@redhat.com>
Date: Fri, 11 Oct 2024 09:28:19 -0400
Subject: [PATCH 1/2] Specify sslrootcert in database options

Issue: AAP-32390
---
 playbooks/galaxy.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/playbooks/galaxy.yaml b/playbooks/galaxy.yaml
index f59d196a..e9653edd 100644
--- a/playbooks/galaxy.yaml
+++ b/playbooks/galaxy.yaml
@@ -24,6 +24,7 @@
           CONN_MAX_AGE: 0
           OPTIONS:
             sslmode: '{{ postgres_sslmode }}'
+            sslrootcert: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
       static_root: /app/galaxy_ng/app/static/
       redis_host: "{{ ansible_operator_meta.name }}-redis-svc"
       redis_port: 6379

From e0d4e44bee505b7a8fd24e5b79b0745d1fe4c92b Mon Sep 17 00:00:00 2001
From: Daniel Rodowicz <drodowic@redhat.com>
Date: Mon, 14 Oct 2024 13:52:38 -0400
Subject: [PATCH 2/2] conditionally specify sslrootcert

---
 playbooks/galaxy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/galaxy.yaml b/playbooks/galaxy.yaml
index e9653edd..64979469 100644
--- a/playbooks/galaxy.yaml
+++ b/playbooks/galaxy.yaml
@@ -24,7 +24,7 @@
           CONN_MAX_AGE: 0
           OPTIONS:
             sslmode: '{{ postgres_sslmode }}'
-            sslrootcert: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
+            sslrootcert: "{{'/etc/pki/tls/certs/ca-bundle.crt' if (postgres_sslmode in ['verify-ca', 'verify-full'])}}"
       static_root: /app/galaxy_ng/app/static/
       redis_host: "{{ ansible_operator_meta.name }}-redis-svc"
       redis_port: 6379