[BACKPORT 2.20.0] [PLAT-11526] Add HA disable cert validation runtime…
… conf

Summary:
This runtime conf is respected by the code but not settable via the UI. Adding this entry
to GlobalConfKeys should allow this to happen.

Original diff - https://phorge.dev.yugabyte.com/D30410

Test Plan:
(Tested on master)

Brought up YBA1 and YBA2 with yba-installer, set up HA with no trust store. Created a univ on YBA1. Verified primary YBA1 was unable to send backups to standby.
Set the config "yb.ha.ws.ssl.loose.acceptAnyCertificate" on YBA1 and restarted it (the change listener did not pick up this change and notify existing ws clients)
Verified that HA started to work correctly with YBA2 receiving backups
Promoted YBA2 and verified universe could be seen here and that YBA1 was demoted successfully.

Reviewers: dshubin, muthu

Reviewed By: dshubin

Subscribers: yugaware

Tags: #jenkins-ready

Differential Revision: https://phorge.dev.yugabyte.com/D30513
iSignal committed Nov 28, 2023
1 parent 5479dd2 commit 9e489c1
Showing 1 changed file with 18 additions and 0 deletions.
@@ -1074,4 +1074,22 @@ public class GlobalConfKeys extends RuntimeConfigKeysModule {
"View granular level metrics when user selects specific time period in a chart",
ConfDataType.BooleanType,
ImmutableList.of(ConfKeyTags.PUBLIC));
public static final ConfKeyInfo<Boolean> haDisableCertValidation =
new ConfKeyInfo<>(
"yb.ha.ws.ssl.loose.acceptAnyCertificate",
ScopeType.GLOBAL,
"Disable all cert validation for HA communication",
"When set, https certs will not be validated for HA communication."
+ " Communication will still be encrypted.",
ConfDataType.BooleanType,
ImmutableList.of(ConfKeyTags.PUBLIC));
public static final ConfKeyInfo<Boolean> haDisableCertHostValidation =
new ConfKeyInfo<>(
"yb.ha.ws.ssl.loose.disableHostnameVerification",
ScopeType.GLOBAL,
"Disable hostname cert validation for HA communication",
"When set, the hostname in https certs will not be validated for HA communication."
+ " Communication will still be encrypted.",
ConfDataType.BooleanType,
ImmutableList.of(ConfKeyTags.PUBLIC));
}
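
Review bot: The help text on both new keys, haDisableCertValidation and haDisableCertHostValidation, ends with "Communication will still be encrypted.", which understates what the flags turn off. With certificate or hostname validation disabled, the HA peer is no longer authenticated, so the encrypted channel offers no protection against an endpoint that impersonates the standby or the primary. Suggest stating that in the description and naming a configured trust store as the preferred fix, since the test plan shows the failure came from running HA with no trust store. Both keys are tagged ConfKeyTags.PUBLIC and become settable from the UI, yet the test plan notes the change listener did not pick up the change and YBA1 had to be restarted. The help text should say a restart is required, otherwise an operator who toggles the flag off again may assume validation is back in force when it is not.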
