openstack/puppet-gnocchi
Code Issues Proposed changes

apache+mod_wsgi: Disable SSL by default

Browse Source 
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I7f32413d452e98306906002461ae0b4304d284ca
This commit is contained in:
Takashi Kajinami
2022-05-06 20:43:30 +09:00
parent 6eeb18e6eb
commit ce404cc090
3 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/wsgi/apache.pp
View File

@@ -42,7 +42,7 @@
# #
# [*ssl*] # [*ssl*]
# Use ssl ? (boolean) # Use ssl ? (boolean)
# Optional. Defaults to true # Optional. Defaults to false
# #
# [*workers*] # [*workers*]
# Number of WSGI workers to spawn. # Number of WSGI workers to spawn.
@@ -110,7 +110,7 @@ class gnocchi::wsgi::apache (
$port = 8041, $port = 8041,
$bind_host = undef, $bind_host = undef,
$path = '/', $path = '/',
$ssl = undef, $ssl = false,
$workers = $::os_workers, $workers = $::os_workers,
$ssl_cert = undef, $ssl_cert = undef,
$ssl_key = undef, $ssl_key = undef,
@@ -129,11 +129,6 @@ class gnocchi::wsgi::apache (
$vhost_custom_fragment = undef, $vhost_custom_fragment = undef,
) { ) {
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
include gnocchi::deps include gnocchi::deps
include gnocchi::params include gnocchi::params
@@ -146,7 +141,7 @@ class gnocchi::wsgi::apache (
path => $path, path => $path,
priority => $priority, priority => $priority,
servername => $servername, servername => $servername,
ssl => $ssl_real, ssl => $ssl,
ssl_ca => $ssl_ca, ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir, ssl_certs_dir => $ssl_certs_dir,

5
releasenotes/notes/disable-apache-ssl-c2c62907caa34749.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
upgrade:
- |
Default value of the ``gnocchi::wsgi::apache::ssl`` parameter has been
changed from ``true`` to ``false`` and now ssl is disabled by default.

6
spec/classes/gnocchi_wsgi_apache_spec.rb
View File

@@ -10,7 +10,7 @@ describe 'gnocchi::wsgi::apache' do
:group => 'gnocchi', :group => 'gnocchi',
:path => '/', :path => '/',
:servername => facts[:fqdn], :servername => facts[:fqdn],
:ssl => true, :ssl => false,
:threads => 1, :threads => 1,
:user => 'gnocchi', :user => 'gnocchi',
:workers => facts[:os_workers], :workers => facts[:os_workers],
@@ -31,7 +31,7 @@ describe 'gnocchi::wsgi::apache' do
:servername => 'dummy.host', :servername => 'dummy.host',
:bind_host => '10.42.51.1', :bind_host => '10.42.51.1',
:port => 12345, :port => 12345,
:ssl => false, :ssl => true,
:workers => 8, :workers => 8,
:wsgi_process_display_name => 'gnocchi', :wsgi_process_display_name => 'gnocchi',
:threads => 2, :threads => 2,
@@ -52,7 +52,7 @@ describe 'gnocchi::wsgi::apache' do
:group => 'gnocchi', :group => 'gnocchi',
:path => '/', :path => '/',
:servername => 'dummy.host', :servername => 'dummy.host',
:ssl => false, :ssl => true,
:threads => 2, :threads => 2,
:user => 'gnocchi', :user => 'gnocchi',
:vhost_custom_fragment => 'Timeout 99', :vhost_custom_fragment => 'Timeout 99',