diff --git a/hooks/cinder_utils.py b/hooks/cinder_utils.py index ec6880e0..72a82261 100644 --- a/hooks/cinder_utils.py +++ b/hooks/cinder_utils.py @@ -162,6 +162,7 @@ CINDER_POLICY_JSON = '%s/policy.json' % CINDER_CONF_DIR CEPH_CONF = '/etc/ceph/ceph.conf' HAPROXY_CONF = '/etc/haproxy/haproxy.cfg' +APACHE_PORTS_CONF = '/etc/apache2/ports.conf' APACHE_SITE_CONF = '/etc/apache2/sites-available/openstack_https_frontend' APACHE_SITE_24_CONF = '/etc/apache2/sites-available/' \ 'openstack_https_frontend.conf' @@ -250,6 +251,10 @@ BASE_RESOURCE_MAP = OrderedDict([ 'contexts': [cinder_contexts.ApacheSSLContext()], 'services': ['apache2'], }), + (APACHE_PORTS_CONF, { + 'contexts': [], + 'services': ['apache2'], + }), ]) diff --git a/templates/ports.conf b/templates/ports.conf new file mode 100644 index 00000000..103f3e05 --- /dev/null +++ b/templates/ports.conf @@ -0,0 +1,4 @@ +# File written by Juju: don't open default ports on SSL environments (see LP 1845665). + + Listen 80 +