From a6ec6cc78476bf5dcabb2ad9beaa4e43e8d8f1ca Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 6 May 2022 20:40:01 +0900 Subject: [PATCH] apache+mod_wsgi: Disable SSL by default During the previous cycle, a warning message was added to inform users of this change. Now the default value is updated so that SSL is disabled by default. Change-Id: I48c695c4479107c91809051c122c2c7bd5be170e --- manifests/wsgi/apache.pp | 11 +++-------- .../notes/disable-apache-ssl-091f33cd0d64294e.yaml | 5 +++++ spec/classes/cinder_wsgi_apache_spec.rb | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 releasenotes/notes/disable-apache-ssl-091f33cd0d64294e.yaml diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 55d96068..6a1f55f3 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -38,7 +38,7 @@ # # [*ssl*] # Use ssl ? (boolean) -# Optional. Defaults to true +# Optional. Defaults to false # # [*workers*] # Number of WSGI workers to spawn. @@ -122,7 +122,7 @@ class cinder::wsgi::apache ( $port = 8776, $bind_host = undef, $path = '/', - $ssl = undef, + $ssl = false, $workers = $::os_workers, $ssl_cert = undef, $ssl_key = undef, @@ -145,11 +145,6 @@ class cinder::wsgi::apache ( $vhost_custom_fragment = undef, ) { - if $ssl == undef { - warning('Default of the ssl parameter will be changed in a future release') - } - $ssl_real = pick($ssl, true) - include cinder::deps include cinder::params @@ -162,7 +157,7 @@ class cinder::wsgi::apache ( path => $path, priority => $priority, servername => $servername, - ssl => $ssl_real, + ssl => $ssl, ssl_ca => $ssl_ca, ssl_cert => $ssl_cert, ssl_certs_dir => $ssl_certs_dir, diff --git a/releasenotes/notes/disable-apache-ssl-091f33cd0d64294e.yaml b/releasenotes/notes/disable-apache-ssl-091f33cd0d64294e.yaml new file mode 100644 index 00000000..cc10ee01 --- /dev/null +++ b/releasenotes/notes/disable-apache-ssl-091f33cd0d64294e.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Default value of the ``cinder::wsgi::apache::ssl`` parameter has been + changed from ``true`` to ``false`` and now ssl is disabled by default. diff --git a/spec/classes/cinder_wsgi_apache_spec.rb b/spec/classes/cinder_wsgi_apache_spec.rb index 2c381031..4aeaf883 100644 --- a/spec/classes/cinder_wsgi_apache_spec.rb +++ b/spec/classes/cinder_wsgi_apache_spec.rb @@ -9,7 +9,7 @@ describe 'cinder::wsgi::apache' do :group => 'cinder', :path => '/', :servername => facts[:fqdn], - :ssl => true, + :ssl => false, :threads => 1, :user => 'cinder', :workers => facts[:os_workers], @@ -35,7 +35,7 @@ describe 'cinder::wsgi::apache' do :servername => 'dummy.host', :bind_host => '10.42.51.1', :port => 12345, - :ssl => false, + :ssl => true, :vhost_custom_fragment => 'Timeout 99', :wsgi_process_display_name => 'cinder-api', :workers => 37, @@ -51,7 +51,7 @@ describe 'cinder::wsgi::apache' do :group => 'cinder', :path => '/', :servername => 'dummy.host', - :ssl => false, + :ssl => true, :threads => 1, :user => 'cinder', :vhost_custom_fragment => 'Timeout 99',