Merge "Disable Apache port 80"

2020-01-31 15:49:43 +00:00 · 2020-01-31 15:49:43 +00:00 · e54ed63e59
commit e54ed63e59
parent 3cdd235144 8eb305f3f1
3 changed files with 13 additions and 1 deletions
--- a/hooks/glance_utils.py
+++ b/hooks/glance_utils.py
@ -123,6 +123,7 @@ CEPH_CONF = "/etc/ceph/ceph.conf"
 CHARM_CEPH_CONF = '/var/lib/charm/{}/ceph.conf'

 HAPROXY_CONF = "/etc/haproxy/haproxy.cfg"
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 HTTPS_APACHE_CONF = "/etc/apache2/sites-available/openstack_https_frontend"
 HTTPS_APACHE_24_CONF = "/etc/apache2/sites-available/" \
    "openstack_https_frontend.conf"
@ -210,7 +211,11 @@ CONFIG_FILES = OrderedDict([
    (HTTPS_APACHE_24_CONF, {
        'hook_contexts': [glance_contexts.ApacheSSLContext()],
        'services': ['apache2'],
-    })
+    }),
+    (APACHE_PORTS_CONF, {
+        'contexts': [],
+        'services': ['apache2'],
+    }),
 ])


--- a/templates/ports.conf
+++ b/templates/ports.conf
@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>
--- a/unit_tests/test_glance_utils.py
+++ b/unit_tests/test_glance_utils.py
@ -156,6 +156,7 @@ class TestGlanceUtils(CharmTestCase):
            (utils.HAPROXY_CONF, ['haproxy']),
            (utils.HTTPS_APACHE_CONF, ['apache2']),
            (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
            (utils.MEMCACHED_CONF, ['memcached']),
            (utils.GLANCE_POLICY_FILE, ['glance-api', 'glance-registry']),
        ])
@ -177,6 +178,7 @@ class TestGlanceUtils(CharmTestCase):
            (utils.HAPROXY_CONF, ['haproxy']),
            (utils.HTTPS_APACHE_CONF, ['apache2']),
            (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
            (utils.MEMCACHED_CONF, ['memcached']),
            (utils.GLANCE_POLICY_FILE, ['glance-api']),
        ])
@ -200,6 +202,7 @@ class TestGlanceUtils(CharmTestCase):
            (utils.HAPROXY_CONF, ['haproxy']),
            (utils.HTTPS_APACHE_CONF, ['apache2']),
            (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
            (utils.MEMCACHED_CONF, ['memcached']),
            (utils.GLANCE_POLICY_FILE, ['glance-api']),
            ('{}/*'.format(utils.APACHE_SSL_DIR),