From ee173b8b353548a2a6a5ac1037f32174c26b8603 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 9 Oct 2016 13:31:21 +0200
Subject: [PATCH] disable TLSA for api.ftp-master, lists, and udd

---
 modules/roles/manifests/init.pp  | 1 +
 modules/roles/manifests/lists.pp | 1 +
 modules/roles/manifests/udd.pp   | 1 +
 3 files changed, 3 insertions(+)

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 1d7282435..a6e0965b4 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -58,6 +58,7 @@ class roles {
 	if has_role('api.ftp-master') {
 		ssl::service { 'api.ftp-master.debian.org':
 			notify  => Exec['service apache2 reload'],
+			tlsaport => 0,
 		}
 	}
 
diff --git a/modules/roles/manifests/lists.pp b/modules/roles/manifests/lists.pp
index ace2b25cc..d1d9d237f 100644
--- a/modules/roles/manifests/lists.pp
+++ b/modules/roles/manifests/lists.pp
@@ -1,6 +1,7 @@
 class roles::lists {
 	ssl::service { 'lists.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 
 	dnsextras::tlsa_record{ 'tlsa-mailport':
diff --git a/modules/roles/manifests/udd.pp b/modules/roles/manifests/udd.pp
index fe9abbae1..ea81cdf56 100644
--- a/modules/roles/manifests/udd.pp
+++ b/modules/roles/manifests/udd.pp
@@ -1,5 +1,6 @@
 class roles::udd {
 	ssl::service { 'udd.debian.org':
 		notify  => Exec['service apache2 reload'],
+		tlsaport => 0,
 	}
 }
-- 
2.20.1