Disable Apache port 80

Currently, Apache ports.conf file is not being configured by this charm. This patch changes the ports.conf default file with another one that does not open port 80 on SSL environments.. Change-Id: Id0b3ce106e2779ce6a44b59c0b08fb1011dfdd54 Closes-bug: #1845665
2019-11-02 07:24:27 -03:00 · 2019-11-02 07:24:27 -03:00 · 56c70d055a
commit 56c70d055a
parent a7c2e49fcf
3 changed files with 14 additions and 1 deletions
--- a/hooks/nova_cc_utils.py
+++ b/hooks/nova_cc_utils.py
@ -108,6 +108,7 @@ NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR
 NOVA_API_PASTE = '%s/api-paste.ini' % NOVA_CONF_DIR
 VENDORDATA_FILE = '%s/vendor_data.json' % NOVA_CONF_DIR
 HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
 APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
 APACHE_SSL_DIR = '/etc/apache2/ssl/nova'
@ -218,6 +219,10 @@ def get_base_resource_map():
                    determine_ports)],
                'services': ['apache2'],
            }),
+            (APACHE_PORTS_CONF, {
+                'contexts': [],
+                'services': ['apache2'],
+            }),
        ])
    return _BASE_RESOURCE_MAP

--- a/templates/ports.conf
+++ b/templates/ports.conf
@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>
--- a/unit_tests/test_nova_cc_utils.py
+++ b/unit_tests/test_nova_cc_utils.py
@ -134,6 +134,7 @@ RESTART_MAP_ICEHOUSE = OrderedDict([
    ]),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
 ])
 RESTART_MAP_OCATA_ACTUAL = OrderedDict([
    ('/etc/nova/nova.conf', [
@ -142,6 +143,7 @@ RESTART_MAP_OCATA_ACTUAL = OrderedDict([
    ('/etc/nova/api-paste.ini', ['nova-api-os-compute', 'apache2']),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']),
 ])
 RESTART_MAP_OCATA_BASE = OrderedDict([
@ -153,7 +155,8 @@ RESTART_MAP_OCATA_BASE = OrderedDict([
        'nova-api-os-compute', 'nova-placement-api'
    ]),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
-    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2'])
+    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
 ])
 RESTART_MAP_ROCKY_ACTUAL = OrderedDict([
    ('/etc/nova/nova.conf', [
@ -162,6 +165,7 @@ RESTART_MAP_ROCKY_ACTUAL = OrderedDict([
    ('/etc/nova/api-paste.ini', ['apache2']),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-api-os-compute.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-openstack-metadata.conf', ['apache2']),