openstack/puppet-nova
Code Issues Proposed changes

apache+mod_wsgi: Disable SSL by default

Browse Source 
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: Ie8c6291188c039293ad9e3d6cee6fe3bd3d7fcdb
This commit is contained in:
Takashi Kajinami 2022-05-06 21:02:39 +09:00
parent a88016b1a6
commit 57035a5f42
5 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/wsgi/apache_api.pp
View File

@ -42,7 +42,7 @@
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
# Optional. Defaults to false
#
# [*workers*]
# Number of WSGI workers to spawn.
@ -110,7 +110,7 @@ class nova::wsgi::apache_api (
$api_port = 8774,
$bind_host = undef,
$path = '/',
$ssl = undef,
$ssl = false,
$workers = $::os_workers,
$ssl_cert = undef,
$ssl_key = undef,
@ -129,11 +129,6 @@ class nova::wsgi::apache_api (
$vhost_custom_fragment = undef,
) {
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
include nova::params
if ! defined(Class[nova::api]) {
@ -147,7 +142,7 @@ class nova::wsgi::apache_api (
path => $path,
priority => $priority,
servername => $servername,
ssl => $ssl_real,
ssl => $ssl,
ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,

11
manifests/wsgi/apache_metadata.pp
View File

@ -28,7 +28,7 @@
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
# Optional. Defaults to false
#
# [*workers*]
# Number of WSGI workers to spawn.
@ -96,7 +96,7 @@ class nova::wsgi::apache_metadata (
$api_port = 8775,
$bind_host = undef,
$path = '/',
$ssl = undef,
$ssl = false,
$workers = $::os_workers,
$ssl_cert = undef,
$ssl_key = undef,
@ -116,11 +116,6 @@ class nova::wsgi::apache_metadata (
$vhost_custom_fragment = undef,
) {
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
include nova::params
nova::generic_service { 'metadata-api':
@ -142,7 +137,7 @@ class nova::wsgi::apache_metadata (
path => $path,
priority => $priority,
servername => $servername,
ssl => $ssl_real,
ssl => $ssl,
ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,

8
releasenotes/notes/disable-apache-ssl-14a2e2c2c4d89dee.yaml Normal file
View File

@ -0,0 +1,8 @@
---
upgrade:
- |
Default value of the following parameters has been changed from ``true`` to
``false`` and now ssl is disabled by default.
- ``nova::wsgi::apache_api::ssl``
- ``nova::wsgi::apache_metadata::ssl``

6
spec/classes/nova_wsgi_apache_api_spec.rb
View File

@ -19,7 +19,7 @@ describe 'nova::wsgi::apache_api' do
:group => 'nova',
:path => '/',
:servername => facts[:fqdn],
:ssl => true,
:ssl => false,
:threads => 1,
:user => 'nova',
:workers => facts[:os_workers],
@ -51,7 +51,7 @@ describe 'nova::wsgi::apache_api' do
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:api_port => 12345,
:ssl => false,
:ssl => true,
:vhost_custom_fragment => 'Timeout 99',
:wsgi_process_display_name => 'nova-api',
:workers => 37,
@ -71,7 +71,7 @@ describe 'nova::wsgi::apache_api' do
:group => 'nova',
:path => '/',
:servername => 'dummy.host',
:ssl => false,
:ssl => true,
:threads => 1,
:user => 'nova',
:vhost_custom_fragment => 'Timeout 99',

6
spec/classes/nova_wsgi_apache_metadata_spec.rb
View File

@ -17,7 +17,7 @@ describe 'nova::wsgi::apache_metadata' do
:group => 'nova',
:path => '/',
:servername => facts[:fqdn],
:ssl => true,
:ssl => false,
:threads => 1,
:user => 'nova',
:workers => facts[:os_workers],
@ -47,7 +47,7 @@ describe 'nova::wsgi::apache_metadata' do
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:api_port => 12345,
:ssl => false,
:ssl => true,
:vhost_custom_fragment => 'Timeout 99',
:wsgi_process_display_name => 'nova-metadata',
:workers => 37,
@ -67,7 +67,7 @@ describe 'nova::wsgi::apache_metadata' do
:group => 'nova',
:path => '/',
:servername => 'dummy.host',
:ssl => false,
:ssl => true,
:threads => 1,
:user => 'nova',
:vhost_custom_fragment => 'Timeout 99',