openstack/puppet-aodh
Code Issues Proposed changes

apache+mod_wsgi: Disable SSL by default

Browse Source 
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I0f05258885570637aa9d53b2d6a69c1756f375e9
This commit is contained in:
Takashi Kajinami 2022-05-06 20:30:49 +09:00
parent 9400853421
commit 4ec7119fc6
3 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/wsgi/apache.pp
View File

@ -42,7 +42,7 @@
# #
# [*ssl*] # [*ssl*]
# Use ssl ? (boolean) # Use ssl ? (boolean)
# Optional. Defaults to true # Optional. Defaults to false
# #
# [*workers*] # [*workers*]
# Number of WSGI workers to spawn. # Number of WSGI workers to spawn.
@ -119,7 +119,7 @@ class aodh::wsgi::apache (
$port = 8042, $port = 8042,
$bind_host = undef, $bind_host = undef,
$path = '/', $path = '/',
$ssl = undef, $ssl = false,
$workers = $::os_workers, $workers = $::os_workers,
$ssl_cert = undef, $ssl_cert = undef,
$ssl_key = undef, $ssl_key = undef,
@ -140,11 +140,6 @@ class aodh::wsgi::apache (
$vhost_custom_fragment = undef, $vhost_custom_fragment = undef,
) inherits aodh::params { ) inherits aodh::params {
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
include aodh::deps include aodh::deps
# NOTE(aschultz): needed because the packaging may introduce some apache # NOTE(aschultz): needed because the packaging may introduce some apache
@ -158,7 +153,7 @@ class aodh::wsgi::apache (
path => $path, path => $path,
priority => $priority, priority => $priority,
servername => $servername, servername => $servername,
ssl => $ssl_real, ssl => $ssl,
ssl_ca => $ssl_ca, ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir, ssl_certs_dir => $ssl_certs_dir,

5
releasenotes/notes/disable-apache-ssl-cebd6146263d9f8f.yaml Normal file
View File

@ -0,0 +1,5 @@
---
upgrade:
- |
Default value of the ``aodh::wsgi::apache::ssl`` parameter has been changed
from ``true`` to ``false`` and now ssl is disabled by default.

6
spec/classes/aodh_wsgi_apache_spec.rb
View File

@ -10,7 +10,7 @@ describe 'aodh::wsgi::apache' do
:group => 'aodh', :group => 'aodh',
:path => '/', :path => '/',
:servername => facts[:fqdn], :servername => facts[:fqdn],
:ssl => true, :ssl => false,
:threads => 1, :threads => 1,
:user => 'aodh', :user => 'aodh',
:workers => facts[:os_workers], :workers => facts[:os_workers],
@ -31,7 +31,7 @@ describe 'aodh::wsgi::apache' do
:servername => 'dummy.host', :servername => 'dummy.host',
:bind_host => '10.42.51.1', :bind_host => '10.42.51.1',
:port => 12345, :port => 12345,
:ssl => false, :ssl => true,
:wsgi_process_display_name => 'aodh', :wsgi_process_display_name => 'aodh',
:workers => 37, :workers => 37,
:custom_wsgi_process_options => { :custom_wsgi_process_options => {
@ -52,7 +52,7 @@ describe 'aodh::wsgi::apache' do
:group => 'aodh', :group => 'aodh',
:path => '/', :path => '/',
:servername => 'dummy.host', :servername => 'dummy.host',
:ssl => false, :ssl => true,
:threads => 1, :threads => 1,
:user => 'aodh', :user => 'aodh',
:workers => 37, :workers => 37,