Fix uwsgi config for trailing slashes

The Apache mod_proxy documentation[0] says that trailing slashes need to
match for the ProxyPass statement. Since adding a slash to the redirected
URL would break things that need to access endpoints like /identity
without anything added, we need to drop the trailing slash for the
target URL. See [1] for the discussion of the CVE fix that changed the
previous behavior.

For stable/victoria the devstack-platform-opensuse-15 and
nova-ceph-multistore jobs are currently broken; drop them for now.
They can be re-added once they are fixed.

[0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274

Change-Id: I99fbc91be1e7764a71a65b5abadd26144e0d1446
Jens Harbott
2021-09-28 13:44:32 +02:00
parent 3e54b3c0e7
commit 7f16f6d482
2 changed files with 1 additions and 10 deletions

@@ -659,7 +659,6 @@
jobs:
- devstack
- devstack-ipv6
- devstack-platform-opensuse-15
- devstack-platform-centos-8
- devstack-platform-bionic
- devstack-multinode
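
Review bot: Dropping `devstack-platform-opensuse-15` from this jobs list is unrelated to the ProxyPass fix, and bundling the two makes the fix harder to backport or revert on its own. Consider a separate change for the job removal, or at least leave a short comment at this position saying the job was dropped because it is broken on stable/victoria, so that re-adding it later does not depend on someone finding this commit message.
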
@@ -705,10 +704,6 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- nova-ceph-multistore:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
# NOTE(gmann): Remove this job from devstack pipeline once it is
# migrated to zuulv3 native. This is legacy job and rely on
# devstack-gate + devstack setting so any change in devstack can
@@ -745,10 +740,6 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- nova-ceph-multistore:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
# Please add a note on each job and conditions for the job not
# being experimental any more, so we can keep this list somewhat
# pruned.
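
Review bot: `nova-ceph-multistore` is removed here and in the previous hunk with nothing left in the file to mark that it should come back. A comment in place of the removed entry, like the NOTE(gmann) comment used further up, would record that intent. If one of these two lists belongs to a non-gating pipeline, setting `voting: false` on the job there instead of deleting it would keep the Ceph signal visible while it is broken.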

@@ -306,7 +306,7 @@ function write_uwsgi_config {
apache_conf=$(apache_site_config_for $name)
iniset "$file" uwsgi socket "$socket"
iniset "$file" uwsgi chmod-socket 666
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}\" retry=0 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
fi
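
Review bot: The corrected ProxyPass line (target ending in `uwsgi-uds-${name}` with no slash) only satisfies the mod_proxy matching rule when `${url}` itself has no trailing slash, and nothing in the visible part of `write_uwsgi_config` checks or enforces that. A caller passing something like `/identity/` would produce a mismatched pair again. Either strip the slash before the echo (for example with `${url%/}`) or document the requirement on the function. A one-line comment above the echo pointing at Launchpad bug 1945274 would also help, since the missing slash looks like an oversight and is easy to "fix" back.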