openstack/puppet-zaqar
Code Issues Proposed changes

apache+mod_wsgi: Disable SSL by default

Browse Source 
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I17cd1a7adcc09168d3f53f44787858ef1d89a0a7
This commit is contained in:
Takashi Kajinami 2022-05-06 21:05:37 +09:00
parent f8524ec308
commit 411e1ea3fe
3 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/wsgi/apache.pp
View File

@ -38,7 +38,7 @@
# #
# [*ssl*] # [*ssl*]
# Use ssl ? (boolean) # Use ssl ? (boolean)
# Optional. Defaults to true # Optional. Defaults to false
# #
# [*workers*] # [*workers*]
# Number of WSGI workers to spawn. # Number of WSGI workers to spawn.
@ -101,7 +101,7 @@ class zaqar::wsgi::apache (
$port = 8888, $port = 8888,
$bind_host = undef, $bind_host = undef,
$path = '/', $path = '/',
$ssl = undef, $ssl = false,
$workers = $::os_workers, $workers = $::os_workers,
$ssl_cert = undef, $ssl_cert = undef,
$ssl_key = undef, $ssl_key = undef,
@ -119,11 +119,6 @@ class zaqar::wsgi::apache (
$custom_wsgi_process_options = {}, $custom_wsgi_process_options = {},
) { ) {
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
include zaqar::deps include zaqar::deps
include zaqar::params include zaqar::params
@ -136,7 +131,7 @@ class zaqar::wsgi::apache (
path => $path, path => $path,
priority => $priority, priority => $priority,
servername => $servername, servername => $servername,
ssl => $ssl_real, ssl => $ssl,
ssl_ca => $ssl_ca, ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir, ssl_certs_dir => $ssl_certs_dir,

5
releasenotes/notes/disable-apache-ssl-35afc2770e17a618.yaml Normal file
View File

@ -0,0 +1,5 @@
---
upgrade:
- |
Default value of the ``zaqar::wsgi::apache::ssl`` parameter has been
changed from ``true`` to ``false`` and now ssl is disabled by default.

6
spec/classes/zaqar_wsgi_apache_spec.rb
View File

@ -10,7 +10,7 @@ describe 'zaqar::wsgi::apache' do
:group => 'zaqar', :group => 'zaqar',
:path => '/', :path => '/',
:servername => facts[:fqdn], :servername => facts[:fqdn],
:ssl => true, :ssl => false,
:threads => 1, :threads => 1,
:user => 'zaqar', :user => 'zaqar',
:workers => facts[:os_workers], :workers => facts[:os_workers],
@ -31,7 +31,7 @@ describe 'zaqar::wsgi::apache' do
:servername => 'dummy.host', :servername => 'dummy.host',
:bind_host => '10.42.51.1', :bind_host => '10.42.51.1',
:port => 12345, :port => 12345,
:ssl => false, :ssl => true,
:wsgi_process_display_name => 'zaqar-server', :wsgi_process_display_name => 'zaqar-server',
:workers => 37, :workers => 37,
:access_log_file => '/var/log/httpd/access_log', :access_log_file => '/var/log/httpd/access_log',
@ -49,7 +49,7 @@ describe 'zaqar::wsgi::apache' do
:group => 'zaqar', :group => 'zaqar',
:path => '/', :path => '/',
:servername => 'dummy.host', :servername => 'dummy.host',
:ssl => false, :ssl => true,
:threads => 1, :threads => 1,
:user => 'zaqar', :user => 'zaqar',
:workers => 37, :workers => 37,