Prepare to update default of <service>::wsgi::apache::ssl

Currently the <service>::wsgi::apache::ssl parameters have inconsistent default values. Some parameters default to true while the other default to false. Based on the following points, false is considered to be the more reasonable default. - Usage of SSL is optional and is not always required - There are other methods(like load-balancer) to implement SSL termination - Enabling SSL doesn't work with the default values currently defined, and requires additional parameters like ssl_cert. - false is the default value defined in the base implementation in puppet-openstacklib. This change is the preparation to change the default value, and introduces a warning message to make users aware of the future change. Change-Id: Ib0272c1525a6974894a6101c40b50a7deb7cbea7
2021-11-02 20:50:19 +09:00 · 2021-11-02 20:50:19 +09:00 · c475277bce
commit c475277bce
parent e9a758a6f9
2 changed files with 14 additions and 3 deletions
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@ -119,7 +119,7 @@ class aodh::wsgi::apache (
  $port                        = 8042,
  $bind_host                   = undef,
  $path                        = '/',
-  $ssl                         = true,
+  $ssl                         = undef,
  $workers                     = $::os_workers,
  $ssl_cert                    = undef,
  $ssl_key                     = undef,
@ -140,10 +140,15 @@ class aodh::wsgi::apache (
  $vhost_custom_fragment       = undef,
 ) inherits aodh::params {

+  if $ssl == undef {
+    warning('Default of the ssl parameter will be changed in a future release')
+  }
+  $ssl_real = pick($ssl, true)
+
  include aodh::deps
  include apache
  include apache::mod::wsgi
-  if $ssl {
+  if $ssl_real {
    include apache::mod::ssl
  }

@ -171,7 +176,7 @@ Use $::aodh::params::aodh_wsgi_script_source instead')
    path                        => $path,
    priority                    => $priority,
    servername                  => $servername,
-    ssl                         => $ssl,
+    ssl                         => $ssl_real,
    ssl_ca                      => $ssl_ca,
    ssl_cert                    => $ssl_cert,
    ssl_certs_dir               => $ssl_certs_dir,
--- a/releasenotes/notes/prepare-to-change-apache-ssl-7777c0a358f69279.yaml
+++ b/releasenotes/notes/prepare-to-change-apache-ssl-7777c0a358f69279.yaml
@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    Default value of the ``aodh::wsgi::apache::ssl`` parameter will be changed
+    from ``true`` to ``false`` in a future release. Make sure the parameter is
+    set to the desired value.