Disable Apache port 80

Currently, Apache ports.conf file is not being configured by this charm. This patch changes the ports.conf default file with another one that does not open port 80 on SSL environments. Change-Id: I0d935de2eada861b986e2f17ead6a5674afd2969 Closes-bug: #1845665
2019-11-02 06:44:52 -03:00 · 2019-11-02 06:44:52 -03:00 · b972488ad2
commit b972488ad2
parent cba1418590
3 changed files with 12 additions and 0 deletions
--- a/hooks/neutron_api_utils.py
+++ b/hooks/neutron_api_utils.py
@ -139,6 +139,7 @@ NEUTRON_CONF = '%s/neutron.conf' % NEUTRON_CONF_DIR
 NEUTRON_LBAAS_CONF = '%s/neutron_lbaas.conf' % NEUTRON_CONF_DIR
 NEUTRON_VPNAAS_CONF = '%s/neutron_vpnaas.conf' % NEUTRON_CONF_DIR
 HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
 APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
 APACHE_SSL_DIR = '/etc/apache2/ssl/neutron'
@ -198,6 +199,10 @@ BASE_RESOURCE_MAP = OrderedDict([
                     neutron_api_context.HAProxyContext()],
        'services': ['haproxy'],
    }),
+    (APACHE_PORTS_CONF, {
+        'contexts': [],
+        'services': ['apache2'],
+    }),
 ])

 # The interface is said to be satisfied if anyone of the interfaces in the
--- a/templates/ports.conf
+++ b/templates/ports.conf
@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>
--- a/unit_tests/test_neutron_api_utils.py
+++ b/unit_tests/test_neutron_api_utils.py
@ -254,6 +254,7 @@ class TestNeutronAPIUtils(CharmTestCase):
            (nutils.API_PASTE_INI, ['neutron-server']),
            (nutils.APACHE_CONF, ['apache2']),
            (nutils.HAPROXY_CONF, ['haproxy']),
+            (nutils.APACHE_PORTS_CONF, ['apache2']),
            (ML2CONF, ['neutron-server']),
        ])
        self.assertEqual(_restart_map, expect)
@ -272,6 +273,7 @@ class TestNeutronAPIUtils(CharmTestCase):
            (nutils.API_PASTE_INI, ['neutron-server']),
            (nutils.APACHE_CONF, ['apache2']),
            (nutils.HAPROXY_CONF, ['haproxy']),
+            (nutils.APACHE_PORTS_CONF, ['apache2']),
            (ML2CONF, ['neutron-server']),
            ('{}/*'.format(nutils.APACHE_SSL_DIR),
             ['apache2', 'neutron-server']),
@ -298,6 +300,7 @@ class TestNeutronAPIUtils(CharmTestCase):
                 '/etc/neutron/api-paste.ini',
                 '/etc/default/neutron-server',
                 '/etc/neutron/plugins/ml2/ml2_conf.ini',
+                 '/etc/apache2/ports.conf',
                 '/etc/apache2/sites-available/openstack_https_frontend',
                 '/etc/haproxy/haproxy.cfg']
        self.assertEqual(sorted(_regconfs.configs), sorted(confs))