Permalink
Browse files

Merge pull request #477 from Mayflower/master

handle mysql compiled without ssl
  • Loading branch information...
2 parents 3fa4154 + 5c8d97f commit 501448c29e0058b08ada3f5a424e49fca349798a @igalic igalic committed Mar 6, 2014
Showing with 19 additions and 1 deletion.
  1. +1 −0 manifests/params.pp
  2. +6 −0 manifests/server/config.pp
  3. +9 −0 spec/classes/mysql_server_spec.rb
  4. +3 −1 templates/my.cnf.erb
View
@@ -212,6 +212,7 @@
'ssl-ca' => $mysql::params::ssl_ca,
'ssl-cert' => $mysql::params::ssl_cert,
'ssl-key' => $mysql::params::ssl_key,
+ 'ssl-disable' => false,
'thread_cache_size' => '8',
'thread_stack' => '256K',
'tmpdir' => $mysql::params::tmpdir,
@@ -27,4 +27,10 @@
mode => '0644',
}
}
+
+ if $options['mysqld']['ssl-disable'] {
+ notify {'ssl-disable':
+ message =>'Disabling SSL is evil! You should never ever do this except if you are forced to use a mysql version compiled without SSL support'
+ }
+ }
}
@@ -56,6 +56,15 @@
it { should contain_class('mysql::server::account_security') }
end
+ describe 'possibility of disabling ssl completely' do
+ let(:params) {
+ { :override_options => { 'mysqld' => { 'ssl' => true, 'ssl-disable' => true } }}
+ }
+ it do
+ should contain_file('/etc/my.cnf').without_content(/^\s*ssl\s*(?:$|= true)/m)
+ end
+ end
+
context 'mysql::server::install' do
let(:params) {{ :package_ensure => 'present', :name => 'mysql-server' }}
it do
View
@@ -2,7 +2,9 @@
<% if v.is_a?(Hash) -%>
[<%= k %>]
<% v.sort.map do |ki, vi| -%>
-<% if vi == true or v == '' -%>
+<% if ki =~ /^ssl/ and v['ssl-disable'] == true -%>
+<% next %>
+<% elsif vi == true or v == '' -%>
<%= ki %>
<% elsif vi.is_a?(Array) -%>
<% vi.each do |vii| -%>

0 comments on commit 501448c

Please sign in to comment.