From c317250f967016edf908feaafc9bf79629c7604f Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 6 May 2022 20:47:58 +0900 Subject: [PATCH] apache+mod_wsgi: Disable SSL by default During the previous cycle, a warning message was added to inform users of this change. Now the default value is updated so that SSL is disabled by default. Change-Id: If565fecd8919d0a34c0b6b3009b7623610e78065 --- manifests/wsgi/apache.pp | 11 +++-------- .../notes/disable-apache-ssl-54072024953cd608.yaml | 5 +++++ spec/classes/ironic_wsgi_apache_spec.rb | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 releasenotes/notes/disable-apache-ssl-54072024953cd608.yaml diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 56e9b4b1..f1deaeb4 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -38,7 +38,7 @@ # # [*ssl*] # Use ssl ? (boolean) -# Optional. Defaults to true +# Optional. Defaults to false # # [*workers*] # Number of WSGI workers to spawn. @@ -107,7 +107,7 @@ class ironic::wsgi::apache ( $port = 6385, $bind_host = undef, $path = '/', - $ssl = undef, + $ssl = false, $workers = $::os_workers, $ssl_cert = undef, $ssl_key = undef, @@ -126,11 +126,6 @@ class ironic::wsgi::apache ( $vhost_custom_fragment = undef, ) { - if $ssl == undef { - warning('Default of the ssl parameter will be changed in a future release') - } - $ssl_real = pick($ssl, true) - include ironic::deps include ironic::params @@ -143,7 +138,7 @@ class ironic::wsgi::apache ( path => $path, priority => $priority, servername => $servername, - ssl => $ssl_real, + ssl => $ssl, ssl_ca => $ssl_ca, ssl_cert => $ssl_cert, ssl_certs_dir => $ssl_certs_dir, diff --git a/releasenotes/notes/disable-apache-ssl-54072024953cd608.yaml b/releasenotes/notes/disable-apache-ssl-54072024953cd608.yaml new file mode 100644 index 00000000..7a46207d --- /dev/null +++ b/releasenotes/notes/disable-apache-ssl-54072024953cd608.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Default value of the ``ironic::wsgi::apache::ssl`` parameter has been + changed from ``true`` to ``false`` and now ssl is disabled by default. diff --git a/spec/classes/ironic_wsgi_apache_spec.rb b/spec/classes/ironic_wsgi_apache_spec.rb index 52861be9..d91f2100 100644 --- a/spec/classes/ironic_wsgi_apache_spec.rb +++ b/spec/classes/ironic_wsgi_apache_spec.rb @@ -10,7 +10,7 @@ describe 'ironic::wsgi::apache' do :group => 'ironic', :path => '/', :servername => facts[:fqdn], - :ssl => true, + :ssl => false, :threads => 15, :user => 'ironic', :workers => facts[:os_workers], @@ -31,7 +31,7 @@ describe 'ironic::wsgi::apache' do :servername => 'dummy.host', :bind_host => '10.42.51.1', :port => 12345, - :ssl => false, + :ssl => true, :vhost_custom_fragment => 'Timeout 99', :wsgi_process_display_name => 'ironic', :workers => 37, @@ -50,7 +50,7 @@ describe 'ironic::wsgi::apache' do :group => 'ironic', :path => '/', :servername => 'dummy.host', - :ssl => false, + :ssl => true, :threads => 15, :user => 'ironic', :vhost_custom_fragment => 'Timeout 99',