From d641406a28668bb273881d8057d5b7d4838732e8 Mon Sep 17 00:00:00 2001
From: Matthew Treinish <mtreinish@kortar.org>
Date: Mon, 26 Feb 2018 05:50:23 -0500
Subject: [PATCH] Make websocket tls independent

Currently there is no way to independtly disable the encrypted
websockets connection from the mqtt tls listener. This commit switches
this to be the new enable_websocket_tls flag which will be used to
independtly control whether we deploy an encypted websockets port.

Change-Id: I2bb806210dbe5c40cfda5ac205f3659c2085f0e1
---
 manifests/server.pp          | 1 +
 templates/mosquitto.conf.erb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/manifests/server.pp b/manifests/server.pp
index dc656be..ca7bea6 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -22,6 +22,7 @@ class mosquitto::server (
   $infra_service_username = 'infra',
   $websocket_port = 80,
   $enable_tls = false,
+  $enable_tls_websocket = false,
   $websocket_tls_port = 8080,
   $ca_file = undef,
   $cert_file = undef,
diff --git a/templates/mosquitto.conf.erb b/templates/mosquitto.conf.erb
index 7e83ab7..39394fc 100644
--- a/templates/mosquitto.conf.erb
+++ b/templates/mosquitto.conf.erb
@@ -293,7 +293,7 @@ listener <%= @websocket_port %>
 protocol websockets
 
 # Encrypted http websocket port
-<% if @enable_tls -%>
+<% if @enable_websocket_tls -%>
 listener <%= @websocket_tls_port %>
 cafile /etc/mosquitto/ca.crt
 certfile /etc/mosquitto/server.crt