services: ganeti: Use TLS on the remote API by default.

* gnu/services/ganeti.scm (<ganeti-rapi-configuration>): Set SSL? to #t. * gnu/tests/ganeti.scm (%ganeti-os): Set SSL? to #f. * doc/guix.texi (Virtualization Services): Adjust accordingly.
2020-07-19 09:59:57 +02:00 · 2020-07-19 09:59:57 +02:00 · 41daf12865
parent c91c132fc4
commit 41daf12865
3 changed files with 7 additions and 2 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -25497,7 +25497,7 @@ The maximum number of simultaneous client requests to handle.  Further
 connections are allowed, but no responses are sent until enough connections
 have closed.

-@item @code{ssl?} (default: @code{#f})
+@item @code{ssl?} (default: @code{#t})
 Whether to use SSL/TLS encryption on the RAPI port.

@item @code{ssl-key} (default: @file{"/var/lib/ganeti/server.pem"})
--- a/gnu/services/ganeti.scm
+++ b/gnu/services/ganeti.scm
@ -450,7 +450,7 @@ (define-record-type* <ganeti-rapi-configuration>
  (max-clients ganeti-rapi-configuration-max-clients    ;integer
               (default 20))
  (ssl?        ganeti-rapi-configuration-ssl?           ;Boolean
-               (default #f))
+               (default #t))
  (ssl-key     ganeti-rapi-configuration-ssl-key        ;string
               (default "/var/lib/ganeti/server.pem"))
  (ssl-cert    ganeti-rapi-configuration-ssl-cert       ;string
--- a/gnu/tests/ganeti.scm
+++ b/gnu/tests/ganeti.scm
@ -70,6 +70,11 @@ (define %ganeti-os
                   (service ganeti-service-type
                            (ganeti-configuration
                             (file-storage-paths '("/srv/ganeti/file-storage"))
+                             (rapi-configuration
+                              (ganeti-rapi-configuration
+                               ;; Disable TLS so we can test the RAPI without
+                               ;; pulling in GnuTLS.
+                               (ssl? #f)))
                             (os %default-ganeti-os))))
             %base-services))))