From 6e8df9739a5bfb43579f4d032674b8ca2ff6b1ad Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 6 May 2022 20:35:26 +0900 Subject: [PATCH] apache+mod_wsgi: Disable SSL by default During the previous cycle, a warning message was added to inform users of this change. Now the default value is updated so that SSL is disabled by default. Change-Id: I72cf30d418b99ba06c4d5738544acb1930d4806f --- manifests/wsgi/apache.pp | 11 +++-------- .../notes/disable-apache-ssl-6ae0c1a4992a71ac.yaml | 5 +++++ spec/classes/barbican_wsgi_apache_spec.rb | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 releasenotes/notes/disable-apache-ssl-6ae0c1a4992a71ac.yaml diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index edab8773..1c5e9e24 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -27,7 +27,7 @@ # # [*ssl*] # Use ssl ? (boolean) -# Optional. Defaults to true +# Optional. Defaults to false # # [*workers*] # Number of WSGI workers to spawn. @@ -111,7 +111,7 @@ class barbican::wsgi::apache ( $public_port = 9311, $bind_host = undef, $public_path = '/', - $ssl = undef, + $ssl = false, $workers = $::os_workers, $ssl_cert = undef, $ssl_key = undef, @@ -130,11 +130,6 @@ class barbican::wsgi::apache ( $vhost_custom_fragment = undef, ) { - if $ssl == undef { - warning('Default of the ssl parameter will be changed in a future release') - } - $ssl_real = pick($ssl, true) - include barbican::deps include barbican::params @@ -147,7 +142,7 @@ class barbican::wsgi::apache ( path => $public_path, priority => $priority, servername => $servername, - ssl => $ssl_real, + ssl => $ssl, ssl_ca => $ssl_ca, ssl_cert => $ssl_cert, ssl_certs_dir => $ssl_certs_dir, diff --git a/releasenotes/notes/disable-apache-ssl-6ae0c1a4992a71ac.yaml b/releasenotes/notes/disable-apache-ssl-6ae0c1a4992a71ac.yaml new file mode 100644 index 00000000..60043ba1 --- /dev/null +++ b/releasenotes/notes/disable-apache-ssl-6ae0c1a4992a71ac.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Default value of the ``barbican::wsgi::apache::ssl`` parameter has been + changed from ``true`` to ``false`` and now ssl is disabled by default. diff --git a/spec/classes/barbican_wsgi_apache_spec.rb b/spec/classes/barbican_wsgi_apache_spec.rb index 19e306b9..4af8e1a3 100644 --- a/spec/classes/barbican_wsgi_apache_spec.rb +++ b/spec/classes/barbican_wsgi_apache_spec.rb @@ -29,7 +29,7 @@ describe 'barbican::wsgi::apache' do :group => 'barbican', :path => '/', :servername => facts[:fqdn], - :ssl => true, + :ssl => false, :threads => 1, :user => 'barbican', :workers => facts[:os_workers], @@ -50,7 +50,7 @@ describe 'barbican::wsgi::apache' do :servername => 'dummy.host', :bind_host => '10.42.51.1', :public_port => 12345, - :ssl => false, + :ssl => true, :wsgi_process_display_name => 'barbican-api', :workers => 37, :access_log_file => '/var/log/httpd/access_log', @@ -69,7 +69,7 @@ describe 'barbican::wsgi::apache' do :group => 'barbican', :path => '/', :servername => 'dummy.host', - :ssl => false, + :ssl => true, :threads => 1, :user => 'barbican', :vhost_custom_fragment => 'Timeout 99',