apache+mod_wsgi: Disable SSL by default

During the previous cycle, a warning message was added to inform users of this change. Now the default value is updated so that SSL is disabled by default. Change-Id: I2853800fb6f8ba3276f7702b292386058d3343e2
2022-05-06 21:04:00 +09:00 · 2022-05-06 21:04:00 +09:00 · c3d53a6558
commit c3d53a6558
parent cd3e36236e
3 changed files with 10 additions and 10 deletions
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@ -40,7 +40,7 @@
 #
 # [*ssl*]
 #   (Optional) Use ssl ? (boolean)
-#   Defaults to true
+#   Defaults to false
 #
 # [*workers*]
 #   (Optional) Number of WSGI workers to spawn.
@ -102,7 +102,7 @@ class placement::wsgi::apache (
  $api_port                  = 8778,
  $bind_host                 = undef,
  $path                      = '/',
-  $ssl                       = undef,
+  $ssl                       = false,
  $workers                   = $::os_workers,
  $priority                  = '10',
  $threads                   = 1,
@ -122,11 +122,6 @@ class placement::wsgi::apache (
  $ensure_package            = undef,
 ) {

-  if $ssl == undef {
-    warning('Default of the ssl parameter will be changed in a future release')
-  }
-  $ssl_real = pick($ssl, true)
-
  include placement::deps
  include placement::params

@ -143,7 +138,7 @@ class placement::wsgi::apache (
    path                      => $path,
    priority                  => $priority,
    servername                => $servername,
-    ssl                       => $ssl_real,
+    ssl                       => $ssl,
    ssl_ca                    => $ssl_ca,
    ssl_cert                  => $ssl_cert,
    ssl_certs_dir             => $ssl_certs_dir,
--- a/releasenotes/notes/disable-apache-ssl-0b433f8e816cd81f.yaml
+++ b/releasenotes/notes/disable-apache-ssl-0b433f8e816cd81f.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Default value of the ``placement::wsgi::apache::ssl`` parameter has been
+    changed from ``true`` to ``false`` and now ssl is disabled by default.
--- a/spec/classes/placement_wsgi_apache_spec.rb
+++ b/spec/classes/placement_wsgi_apache_spec.rb
@ -12,7 +12,7 @@ describe 'placement::wsgi::apache' do
        :path                      => '/',
        :priority                  => '10',
        :servername                => facts[:fqdn],
-        :ssl                       => true,
+        :ssl                       => false,
        :ssl_ca                    => nil,
        :ssl_cert                  => nil,
        :ssl_certs_dir             => nil,
@ -41,7 +41,7 @@ describe 'placement::wsgi::apache' do
          :bind_host                 => '10.42.51.1',
          :api_port                  => 12345,
          :path                      => '/custom',
-          :ssl                       => false,
+          :ssl                       => true,
          :workers                   => 10,
          :ssl_cert                  => '/etc/ssl/certs/placement.crt',
          :ssl_key                   => '/etc/ssl/private/placement.key',