insecure_ssl "role" -> ssl class parameter

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index e416069..24069f1 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -309,9 +309,6 @@ roles:
     - seger.debian.org
     - snapshotdb-manda-01.debian.org
     - vittoria.debian.org
-  insecure_ssl:
-    - debussy.debian.org
-    - godard.debian.org
   debsources:
     - sor.debian.org
   debconf_wafer:

diff --git a/hieradata/nodes/debussy.debian.org.yaml b/hieradata/nodes/debussy.debian.org.yaml
new file mode 100644 (file)
index 0000000..c9756e7
--- /dev/null
+++ b/hieradata/nodes/debussy.debian.org.yaml
@@ -0,0 +1 @@
+ssl::insecure_ssl: true

diff --git a/hieradata/nodes/godard.debian.org.yaml b/hieradata/nodes/godard.debian.org.yaml
index 02bd912..65baf3d 100644 (file)
--- a/hieradata/nodes/godard.debian.org.yaml
+++ b/hieradata/nodes/godard.debian.org.yaml
@@ -1,2 +1,4 @@
 classes:
   - salsa
+
+ssl::insecure_ssl: true

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index ee83067..2474f20 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -1,4 +1,6 @@
-class ssl {
+class ssl (
+       Boolean $insecure_ssl = false
+) {
        package { 'openssl':
                ensure   => installed,
        }
@@ -9,7 +11,7 @@ class ssl {
                ensure   => installed,
        }
 
-       if has_role('insecure_ssl') {
+       if $insecure_ssl {
                $extra_ssl_certs_flags = ' --default'
                $ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf'
        } else {