Merge "Disable Apache port 80"

2020-01-31 15:48:35 +00:00 · 2020-01-31 15:48:35 +00:00 · ece024b467
parent 6fafb5abc5 b972488ad2
commit ece024b467
3 changed files with 12 additions and 0 deletions
--- a/hooks/neutron_api_utils.py
+++ b/hooks/neutron_api_utils.py
@ -144,6 +144,7 @@ NEUTRON_CONF = '%s/neutron.conf' % NEUTRON_CONF_DIR
 NEUTRON_LBAAS_CONF = '%s/neutron_lbaas.conf' % NEUTRON_CONF_DIR
 NEUTRON_VPNAAS_CONF = '%s/neutron_vpnaas.conf' % NEUTRON_CONF_DIR
 HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
 APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
 APACHE_SSL_DIR = '/etc/apache2/ssl/neutron'
@ -203,6 +204,10 @@ BASE_RESOURCE_MAP = OrderedDict([
                     neutron_api_context.HAProxyContext()],
        'services': ['haproxy'],
    }),
+    (APACHE_PORTS_CONF, {
+        'contexts': [],
+        'services': ['apache2'],
+    }),
 ])

 # The interface is said to be satisfied if anyone of the interfaces in the
--- a/templates/ports.conf
+++ b/templates/ports.conf
@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>
--- a/unit_tests/test_neutron_api_utils.py
+++ b/unit_tests/test_neutron_api_utils.py
@ -271,6 +271,7 @@ class TestNeutronAPIUtils(CharmTestCase):
            (nutils.API_PASTE_INI, ['neutron-server']),
            (nutils.APACHE_CONF, ['apache2']),
            (nutils.HAPROXY_CONF, ['haproxy']),
+            (nutils.APACHE_PORTS_CONF, ['apache2']),
            (ML2CONF, ['neutron-server']),
        ])
        self.assertEqual(_restart_map, expect)
@ -289,6 +290,7 @@ class TestNeutronAPIUtils(CharmTestCase):
            (nutils.API_PASTE_INI, ['neutron-server']),
            (nutils.APACHE_CONF, ['apache2']),
            (nutils.HAPROXY_CONF, ['haproxy']),
+            (nutils.APACHE_PORTS_CONF, ['apache2']),
            (ML2CONF, ['neutron-server']),
            ('{}/*'.format(nutils.APACHE_SSL_DIR),
             ['apache2', 'neutron-server']),
@ -315,6 +317,7 @@ class TestNeutronAPIUtils(CharmTestCase):
                 '/etc/neutron/api-paste.ini',
                 '/etc/default/neutron-server',
                 '/etc/neutron/plugins/ml2/ml2_conf.ini',
+                 '/etc/apache2/ports.conf',
                 '/etc/apache2/sites-available/openstack_https_frontend',
                 '/etc/haproxy/haproxy.cfg']
        self.assertEqual(sorted(_regconfs.configs), sorted(confs))