Disable Apache port 80

Currently, the Apache ports.conf file is not configured by this
charm. This patch replaces the default ports.conf file with one
that does not open port 80 on SSL environments.

Change-Id: Id0b3ce106e2779ce6a44b59c0b08fb1011dfdd54
Closes-bug: #1845665
tpsilva 2019-11-02 07:24:27 -03:00 committed by Edward Hope-Morley
parent a7c2e49fcf
commit 56c70d055a
3 changed files with 14 additions and 1 deletions


@ -108,6 +108,7 @@ NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR
NOVA_API_PASTE = '%s/api-paste.ini' % NOVA_CONF_DIR NOVA_API_PASTE = '%s/api-paste.ini' % NOVA_CONF_DIR
VENDORDATA_FILE = '%s/vendor_data.json' % NOVA_CONF_DIR VENDORDATA_FILE = '%s/vendor_data.json' % NOVA_CONF_DIR
HAPROXY_CONF = '/etc/haproxy/haproxy.cfg' HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend' APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf' APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
APACHE_SSL_DIR = '/etc/apache2/ssl/nova' APACHE_SSL_DIR = '/etc/apache2/ssl/nova'
@ -218,6 +219,10 @@ def get_base_resource_map():
determine_ports)], determine_ports)],
'services': ['apache2'], 'services': ['apache2'],
}), }),
(APACHE_PORTS_CONF, {
'contexts': [],
'services': ['apache2'],
}),
]) ])
return _BASE_RESOURCE_MAP return _BASE_RESOURCE_MAP
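Review bot: The new `APACHE_PORTS_CONF` entry is registered with `'contexts': []`, so the template is rendered without any charm state and is written whether or not TLS is configured for this service. The only switch left is Apache's own module state inside the template, which is easy to miss when reading the resource map. A short comment above the entry would record that, for example `# Static template: port 80 is gated by <IfModule !ssl_module> in ports.conf, not by a charm context.` get_base_resource_map starts above the hunk, so any later filtering of this entry is not visible here.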

4
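--- a/templates/ports.conf
+++ b/templates/ports.conf
@@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+Listen 80
+</IfModule>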
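Review bot: The `<IfModule !ssl_module>` guard tests whether mod_ssl is loaded, not whether this service actually has TLS configured, so the header comment's "SSL environments" describes more than the file checks. When mod_ssl is not loaded, `Listen 80` still binds on all addresses. This template also replaces the distribution ports.conf wholesale, so any `Listen 443` the stock file carried is gone and HTTPS listeners presumably have to come from the frontend site config, which is not shown here. I would extend the header to say so, e.g. `# Port 80 is opened only when mod_ssl is not loaded; HTTPS Listen directives come from the site configs.`, and confirm on a deployed unit that nothing is bound to port 80.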


@ -134,6 +134,7 @@ RESTART_MAP_ICEHOUSE = OrderedDict([
]), ]),
('/etc/haproxy/haproxy.cfg', ['haproxy']), ('/etc/haproxy/haproxy.cfg', ['haproxy']),
('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']), ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
('/etc/apache2/ports.conf', ['apache2']),
]) ])
RESTART_MAP_OCATA_ACTUAL = OrderedDict([ RESTART_MAP_OCATA_ACTUAL = OrderedDict([
('/etc/nova/nova.conf', [ ('/etc/nova/nova.conf', [
@ -142,6 +143,7 @@ RESTART_MAP_OCATA_ACTUAL = OrderedDict([
('/etc/nova/api-paste.ini', ['nova-api-os-compute', 'apache2']), ('/etc/nova/api-paste.ini', ['nova-api-os-compute', 'apache2']),
('/etc/haproxy/haproxy.cfg', ['haproxy']), ('/etc/haproxy/haproxy.cfg', ['haproxy']),
('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']), ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
('/etc/apache2/ports.conf', ['apache2']),
('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']), ('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']),
]) ])
RESTART_MAP_OCATA_BASE = OrderedDict([ RESTART_MAP_OCATA_BASE = OrderedDict([
@ -153,7 +155,8 @@ RESTART_MAP_OCATA_BASE = OrderedDict([
'nova-api-os-compute', 'nova-placement-api' 'nova-api-os-compute', 'nova-placement-api'
]), ]),
('/etc/haproxy/haproxy.cfg', ['haproxy']), ('/etc/haproxy/haproxy.cfg', ['haproxy']),
('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']) ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
('/etc/apache2/ports.conf', ['apache2']),
]) ])
RESTART_MAP_ROCKY_ACTUAL = OrderedDict([ RESTART_MAP_ROCKY_ACTUAL = OrderedDict([
('/etc/nova/nova.conf', [ ('/etc/nova/nova.conf', [
@ -162,6 +165,7 @@ RESTART_MAP_ROCKY_ACTUAL = OrderedDict([
('/etc/nova/api-paste.ini', ['apache2']), ('/etc/nova/api-paste.ini', ['apache2']),
('/etc/haproxy/haproxy.cfg', ['haproxy']), ('/etc/haproxy/haproxy.cfg', ['haproxy']),
('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']), ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
('/etc/apache2/ports.conf', ['apache2']),
('/etc/apache2/sites-enabled/wsgi-api-os-compute.conf', ['apache2']), ('/etc/apache2/sites-enabled/wsgi-api-os-compute.conf', ['apache2']),
('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']), ('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']),
('/etc/apache2/sites-enabled/wsgi-openstack-metadata.conf', ['apache2']), ('/etc/apache2/sites-enabled/wsgi-openstack-metadata.conf', ['apache2']),