From 232d0deecdefbaa558bd72a822967257a86d0160 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 12 Oct 2016 09:23:48 +0200
Subject: [PATCH] set TLSA port to 0 in preparation of cert roll for buildd,
 contributors, ftp-master, munin, nagios, nm, rt, security-tracker, sso, vote

---
 modules/munin/manifests/master.pp           | 1 +
 modules/roles/manifests/buildd_master.pp    | 1 +
 modules/roles/manifests/contributors.pp     | 1 +
 modules/roles/manifests/ftp_master.pp       | 1 +
 modules/roles/manifests/init.pp             | 1 +
 modules/roles/manifests/nm.pp               | 1 +
 modules/roles/manifests/rtmaster.pp         | 1 +
 modules/roles/manifests/security_tracker.pp | 1 +
 modules/roles/manifests/sso.pp              | 1 +
 modules/roles/manifests/vote.pp             | 1 +
 10 files changed, 10 insertions(+)

diff --git a/modules/munin/manifests/master.pp b/modules/munin/manifests/master.pp
index 5dc0bbc68..734c4c4cf 100644
--- a/modules/munin/manifests/master.pp
+++ b/modules/munin/manifests/master.pp
@@ -11,6 +11,7 @@ class munin::master {
 
 	ssl::service { 'munin.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 	file { '/etc/munin/munin-conf.d':
 		ensure  => directory,
diff --git a/modules/roles/manifests/buildd_master.pp b/modules/roles/manifests/buildd_master.pp
index 63570efdc..90e3810d8 100644
--- a/modules/roles/manifests/buildd_master.pp
+++ b/modules/roles/manifests/buildd_master.pp
@@ -1,6 +1,7 @@
 class roles::buildd_master {
 	ssl::service { 'buildd.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 
 	file { '/etc/ssh/userkeys/wb-buildd.more':
diff --git a/modules/roles/manifests/contributors.pp b/modules/roles/manifests/contributors.pp
index d0ed1fb79..200a6a03f 100644
--- a/modules/roles/manifests/contributors.pp
+++ b/modules/roles/manifests/contributors.pp
@@ -1,5 +1,6 @@
 class roles::contributors {
 	ssl::service { 'contributors.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
diff --git a/modules/roles/manifests/ftp_master.pp b/modules/roles/manifests/ftp_master.pp
index a76e06819..70c0dfccd 100644
--- a/modules/roles/manifests/ftp_master.pp
+++ b/modules/roles/manifests/ftp_master.pp
@@ -7,5 +7,6 @@ class roles::ftp_master {
 
 	ssl::service { 'ftp-master.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index b034ce3f2..badf9a4f2 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -20,6 +20,7 @@ class roles {
 	#	include nagios::server
 		ssl::service { 'nagios.debian.org':
 			notify  => Exec['service apache2 reload'],
+			tlsaport => 0,
 		}
 	}
 
diff --git a/modules/roles/manifests/nm.pp b/modules/roles/manifests/nm.pp
index f792de4cd..c42810d00 100644
--- a/modules/roles/manifests/nm.pp
+++ b/modules/roles/manifests/nm.pp
@@ -1,5 +1,6 @@
 class roles::nm {
 	ssl::service { 'nm.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
diff --git a/modules/roles/manifests/rtmaster.pp b/modules/roles/manifests/rtmaster.pp
index c6dfbbe2f..0546942b7 100644
--- a/modules/roles/manifests/rtmaster.pp
+++ b/modules/roles/manifests/rtmaster.pp
@@ -1,5 +1,6 @@
 class roles::rtmaster {
 	ssl::service { 'rt.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index abc096021..d0741109b 100644
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -1,5 +1,6 @@
 class roles::security_tracker {
 	ssl::service { 'security-tracker.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 407599308..a755ab686 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -1,5 +1,6 @@
 class roles::sso {
 	ssl::service { 'sso.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
diff --git a/modules/roles/manifests/vote.pp b/modules/roles/manifests/vote.pp
index 88e3920af..eedb470a5 100644
--- a/modules/roles/manifests/vote.pp
+++ b/modules/roles/manifests/vote.pp
@@ -1,5 +1,6 @@
 class roles::vote {
 	ssl::service { 'vote.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
-- 
2.20.1