From 6e5c91dc93af0f2c66a1f4e6aad8d7e3ffb7b9b6 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sat, 14 Sep 2019 23:41:26 +0200 Subject: [PATCH] insecure_ssl "role" -> ssl class parameter --- hieradata/common.yaml | 3 --- hieradata/nodes/debussy.debian.org.yaml | 1 + hieradata/nodes/godard.debian.org.yaml | 2 ++ modules/ssl/manifests/init.pp | 6 ++++-- 4 files changed, 7 insertions(+), 5 deletions(-) create mode 100644 hieradata/nodes/debussy.debian.org.yaml diff --git a/hieradata/common.yaml b/hieradata/common.yaml index e4160698f..24069f18a 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -309,9 +309,6 @@ roles: - seger.debian.org - snapshotdb-manda-01.debian.org - vittoria.debian.org - insecure_ssl: - - debussy.debian.org - - godard.debian.org debsources: - sor.debian.org debconf_wafer: diff --git a/hieradata/nodes/debussy.debian.org.yaml b/hieradata/nodes/debussy.debian.org.yaml new file mode 100644 index 000000000..c9756e7f7 --- /dev/null +++ b/hieradata/nodes/debussy.debian.org.yaml @@ -0,0 +1 @@ +ssl::insecure_ssl: true diff --git a/hieradata/nodes/godard.debian.org.yaml b/hieradata/nodes/godard.debian.org.yaml index 02bd9124c..65baf3d7d 100644 --- a/hieradata/nodes/godard.debian.org.yaml +++ b/hieradata/nodes/godard.debian.org.yaml @@ -1,2 +1,4 @@ classes: - salsa + +ssl::insecure_ssl: true diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp index ee8306772..2474f20a4 100644 --- a/modules/ssl/manifests/init.pp +++ b/modules/ssl/manifests/init.pp @@ -1,4 +1,6 @@ -class ssl { +class ssl ( + Boolean $insecure_ssl = false +) { package { 'openssl': ensure => installed, } @@ -9,7 +11,7 @@ class ssl { ensure => installed, } - if has_role('insecure_ssl') { + if $insecure_ssl { $extra_ssl_certs_flags = ' --default' $ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf' } else { -- 2.20.1