apache+mod_wsgi: Disable SSL by default
During the previous cycle, a warning message was added to inform users of this change. Now the default value is updated so that SSL is disabled by default. Change-Id: I0fa974214bae800eb0bd9fd19a9824152e9e5632
This commit is contained in:
parent
afc28df75d
commit
472d22e584
|
@ -28,7 +28,7 @@
|
|||
#
|
||||
# [*ssl*]
|
||||
# (Optional) Use SSL.
|
||||
# Defaults to true
|
||||
# Defaults to false
|
||||
#
|
||||
# [*workers*]
|
||||
# (Optional) Number of WSGI workers to spawn.
|
||||
|
@ -138,7 +138,7 @@ class keystone::wsgi::apache (
|
|||
$bind_host = undef,
|
||||
$api_port = 5000,
|
||||
$path = '/',
|
||||
$ssl = undef,
|
||||
$ssl = false,
|
||||
$workers = $::os_workers_keystone,
|
||||
$ssl_cert = undef,
|
||||
$ssl_key = undef,
|
||||
|
@ -165,11 +165,6 @@ class keystone::wsgi::apache (
|
|||
$custom_wsgi_process_options = {},
|
||||
) inherits keystone::params {
|
||||
|
||||
if $ssl == undef {
|
||||
warning('Default of the ssl parameter will be changed in a future release')
|
||||
}
|
||||
$ssl_real = pick($ssl, true)
|
||||
|
||||
include keystone::deps
|
||||
|
||||
::openstacklib::wsgi::apache { 'keystone_wsgi':
|
||||
|
@ -182,7 +177,7 @@ class keystone::wsgi::apache (
|
|||
threads => $threads,
|
||||
user => $::keystone::params::keystone_user,
|
||||
priority => $priority,
|
||||
ssl => $ssl_real,
|
||||
ssl => $ssl,
|
||||
ssl_cert => $ssl_cert,
|
||||
ssl_key => $ssl_key,
|
||||
ssl_chain => $ssl_chain,
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
Default value of the ``keystone::wsgi::apache::ssl`` parameter has been
|
||||
changed from ``true`` to ``false`` and now ssl is disabled by default.
|
|
@ -5,7 +5,6 @@ describe 'keystone::wsgi::apache' do
|
|||
let :pre_condition do
|
||||
"class { 'keystone':
|
||||
service_name => 'httpd',
|
||||
enable_ssl => true,
|
||||
}"
|
||||
end
|
||||
|
||||
|
@ -25,7 +24,7 @@ describe 'keystone::wsgi::apache' do
|
|||
:threads => 1,
|
||||
:user => 'keystone',
|
||||
:priority => '10',
|
||||
:ssl => true,
|
||||
:ssl => false,
|
||||
:wsgi_daemon_process => 'keystone',
|
||||
:wsgi_process_display_name => 'keystone',
|
||||
:wsgi_process_group => 'keystone',
|
||||
|
@ -53,7 +52,7 @@ describe 'keystone::wsgi::apache' do
|
|||
:bind_host => '127.0.0.1',
|
||||
:api_port => 1234,
|
||||
:path => '/keystone',
|
||||
:ssl => false,
|
||||
:ssl => true,
|
||||
:workers => 10,
|
||||
:ssl_cert => 'ssl cert',
|
||||
:ssl_key => 'ssl key',
|
||||
|
|
Loading…
Reference in New Issue