diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 336f702c..4732ad44 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -108,7 +108,7 @@ define heat::wsgi::apache ( $servername = $::fqdn, $bind_host = undef, $path = '/', - $ssl = true, + $ssl = undef, $workers = $::os_workers, $ssl_cert = undef, $ssl_key = undef, @@ -129,11 +129,17 @@ define heat::wsgi::apache ( if $title !~ /^api(|_cfn)$/ { fail('The valid options are api, api_cfn') } + + if $ssl == undef { + warning('Default of the ssl parameter will be changed in a future release') + } + $ssl_real = pick($ssl, true) + include heat::deps include heat::params include apache include apache::mod::wsgi - if $ssl { + if $ssl_real { include apache::mod::ssl } @@ -144,7 +150,7 @@ define heat::wsgi::apache ( path => $path, priority => $priority, servername => $servername, - ssl => $ssl, + ssl => $ssl_real, ssl_ca => $ssl_ca, ssl_cert => $ssl_cert, ssl_certs_dir => $ssl_certs_dir, diff --git a/manifests/wsgi/apache_api.pp b/manifests/wsgi/apache_api.pp index 492c270c..9219204a 100644 --- a/manifests/wsgi/apache_api.pp +++ b/manifests/wsgi/apache_api.pp @@ -104,7 +104,7 @@ class heat::wsgi::apache_api ( $servername = $::fqdn, $bind_host = undef, $path = '/', - $ssl = true, + $ssl = undef, $workers = $::os_workers, $ssl_cert = undef, $ssl_key = undef, @@ -122,12 +122,18 @@ class heat::wsgi::apache_api ( $wsgi_process_display_name = undef, $vhost_custom_fragment = undef, ) { + + if $ssl == undef { + warning('Default of the ssl parameter will be changed in a future release') + } + $ssl_real = pick($ssl, true) + heat::wsgi::apache { 'api': port => $port, servername => $servername, bind_host => $bind_host, path => $path, - ssl => $ssl, + ssl => $ssl_real, workers => $workers, ssl_cert => $ssl_cert, ssl_key => $ssl_key, diff --git a/manifests/wsgi/apache_api_cfn.pp b/manifests/wsgi/apache_api_cfn.pp index 4744419a..d23ec514 100644 --- a/manifests/wsgi/apache_api_cfn.pp +++ b/manifests/wsgi/apache_api_cfn.pp @@ -105,7 +105,7 @@ class heat::wsgi::apache_api_cfn ( $servername = $::fqdn, $bind_host = undef, $path = '/', - $ssl = true, + $ssl = undef, $workers = $::os_workers, $ssl_cert = undef, $ssl_key = undef, @@ -125,6 +125,11 @@ class heat::wsgi::apache_api_cfn ( $vhost_custom_fragment = 'RequestHeader set Content-Type "application/json"', ) { + if $ssl == undef { + warning('Default of the ssl parameter will be changed in a future release') + } + $ssl_real = pick($ssl, true) + # See custom fragment below include apache include apache::mod::headers @@ -145,7 +150,7 @@ class heat::wsgi::apache_api_cfn ( servername => $servername, bind_host => $bind_host, path => $path, - ssl => $ssl, + ssl => $ssl_real, workers => $workers, ssl_cert => $ssl_cert, ssl_key => $ssl_key, diff --git a/releasenotes/notes/prepare-to-change-apache-ssl-0fe3526e8fdb82b3.yaml b/releasenotes/notes/prepare-to-change-apache-ssl-0fe3526e8fdb82b3.yaml new file mode 100644 index 00000000..a6930df4 --- /dev/null +++ b/releasenotes/notes/prepare-to-change-apache-ssl-0fe3526e8fdb82b3.yaml @@ -0,0 +1,10 @@ +--- +upgrade: + - | + Default value of the following three parameters will be changed from + ``true`` to ``false`` in a future release. Make sure the parameter is set + to the desired value. + + - ``heat::wsgi::apache::ssl`` + - ``heat::wsgi::apache_api::ssl`` + - ``heat::wsgi::apache_api_cfn::ssl``