From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 14 Sep 2019 21:41:26 +0000 (+0200)
Subject: insecure_ssl "role" -> ssl class parameter
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=6e5c91dc93af0f2c66a1f4e6aad8d7e3ffb7b9b6;p=mirror%2Fdsa-puppet.git

insecure_ssl "role" -> ssl class parameter
---

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index e4160698f..24069f18a 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -309,9 +309,6 @@ roles:
     - seger.debian.org
     - snapshotdb-manda-01.debian.org
     - vittoria.debian.org
-  insecure_ssl:
-    - debussy.debian.org
-    - godard.debian.org
   debsources:
     - sor.debian.org
   debconf_wafer:
diff --git a/hieradata/nodes/debussy.debian.org.yaml b/hieradata/nodes/debussy.debian.org.yaml
new file mode 100644
index 000000000..c9756e7f7
--- /dev/null
+++ b/hieradata/nodes/debussy.debian.org.yaml
@@ -0,0 +1 @@
+ssl::insecure_ssl: true
diff --git a/hieradata/nodes/godard.debian.org.yaml b/hieradata/nodes/godard.debian.org.yaml
index 02bd9124c..65baf3d7d 100644
--- a/hieradata/nodes/godard.debian.org.yaml
+++ b/hieradata/nodes/godard.debian.org.yaml
@@ -1,2 +1,4 @@
 classes:
   - salsa
+
+ssl::insecure_ssl: true
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index ee8306772..2474f20a4 100644
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -1,4 +1,6 @@
-class ssl {
+class ssl (
+	Boolean $insecure_ssl = false
+) {
 	package { 'openssl':
 		ensure   => installed,
 	}
@@ -9,7 +11,7 @@ class ssl {
 		ensure   => installed,
 	}
 
-	if has_role('insecure_ssl') {
+	if $insecure_ssl {
 		$extra_ssl_certs_flags = ' --default'
 		$ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf'
 	} else {