Closed tbauriedel closed 2 months ago
Hey, we have already talked about this briefly.
I thought about this some more.
Ignoring the package server's redirect from HTTP to HTTPS here.
What does using HTTPS actually achieve in this case?
Do packages really need to be encrypted on their way from the server to the target machine?
The content of the packages is verified using signatures.
I get that we definitely MUST use HTTPS when integrating a subscription repository, since we do not want to pass credentials via HTTP.
Other than that I only see a (slight) overhead when using HTTPS.
EDIT:
The following variables use insecure HTTP.
Variables relating to RHEL and the subscription repository already use HTTPS.
defaults/main.yml:
icinga_repo_yum_stable_url
icinga_repo_yum_testing_url
icinga_repo_yum_snapshot_url
icinga_repo_apt_stable_deb
icinga_repo_apt_testing_deb
icinga_repo_apt_snapshot_deb
vars/RedHat-Fedora.yml:
icinga_repo_yum_stable_url
icinga_repo_yum_testing_url
icinga_repo_yum_snapshot_url
vars/Debian-Raspbian.yml:
icinga_repo_apt_stable_deb
icinga_repo_apt_testing_deb
icinga_repo_apt_snapshot_deb
The defaults for the Icinga repository use http instead of https.
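A check for the variables listed above, as an added example that is not part of the issue or of the role's code: it scans variable files for `icinga_repo_*` values that still use `http://`. The file contents and the `example.invalid` hosts are constructed, and the `deb [options] <url> ...` shape of the apt values is an assumption.

```python
import re

# Variable names as listed in the issue (yum *_url and apt *_deb variants).
REPO_VAR = re.compile(
    r"^(icinga_repo_(?:yum|apt)_(?:stable|testing|snapshot)_(?:url|deb))\s*:\s*(.*)$"
)
# The URL may appear anywhere in the value: apt values are assumed to be full
# "deb [options] <url> <suite> <component>" lines, so the URL is not first.
URL = re.compile(r"\b(https?)://[^\s\"']+", re.IGNORECASE)

# Constructed sample input; hosts and paths are placeholders, not the role's values.
SAMPLE = {
    "defaults/main.yml": (
        'icinga_repo_yum_stable_url: "http://packages.example.invalid/epel/$releasever/release/"\n'
        'icinga_repo_apt_stable_deb: "deb [signed-by=/usr/share/keyrings/example.gpg] '
        'http://packages.example.invalid/debian example-bookworm main"\n'
        'icinga_repo_yum_testing_url: "https://packages.example.invalid/epel/testing/"\n'
    ),
    "vars/RedHat-Fedora.yml": (
        '# icinga_repo_yum_snapshot_url: "http://old.example.invalid/"\n'
        'icinga_repo_yum_snapshot_url: "http://packages.example.invalid/fedora/snapshot/"\n'
    ),
}


def find_plain_http(files):
    """Return sorted (path, variable, url) for repo variables using http://.

    `files` maps a role-relative path to that file's YAML text.
    """
    findings = []
    for path, text in files.items():
        for line in text.splitlines():
            stripped = line.split(" #", 1)[0].strip()  # drop trailing comments
            m = REPO_VAR.match(stripped)
            if not m:  # also skips fully commented-out lines
                continue
            name, value = m.groups()
            for u in URL.finditer(value):
                if u.group(1).lower() == "http":
                    findings.append((path, name, u.group(0)))
    return sorted(findings)


if __name__ == "__main__":
    for path, name, url in find_plain_http(SAMPLE):
        print(f"{path}: {name} -> {url}")
```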