Disable Apache port 80

Currently, Apache ports.conf file is not being configured by this charm. This patch changes the ports.conf default file with another one that does not open port 80 on SSL environments. Change-Id: I3f8eb69813058a9291540634ad262bfdaa7b8731 Closes-bug: #1845665
2019-11-02 06:22:47 -03:00 · 2019-11-02 06:22:47 -03:00 · 8eb305f3f1
parent eadfee16b4
commit 8eb305f3f1
3 changed files with 13 additions and 1 deletions
--- a/hooks/glance_utils.py
+++ b/hooks/glance_utils.py
@ -122,6 +122,7 @@ CEPH_CONF = "/etc/ceph/ceph.conf"
 CHARM_CEPH_CONF = '/var/lib/charm/{}/ceph.conf'

 HAPROXY_CONF = "/etc/haproxy/haproxy.cfg"
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 HTTPS_APACHE_CONF = "/etc/apache2/sites-available/openstack_https_frontend"
 HTTPS_APACHE_24_CONF = "/etc/apache2/sites-available/" \
    "openstack_https_frontend.conf"
@ -209,7 +210,11 @@ CONFIG_FILES = OrderedDict([
    (HTTPS_APACHE_24_CONF, {
        'hook_contexts': [glance_contexts.ApacheSSLContext()],
        'services': ['apache2'],
-    })
+    }),
+    (APACHE_PORTS_CONF, {
+        'contexts': [],
+        'services': ['apache2'],
+    }),
 ])


--- a/templates/ports.conf
+++ b/templates/ports.conf
@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>
--- a/unit_tests/test_glance_utils.py
+++ b/unit_tests/test_glance_utils.py
@ -156,6 +156,7 @@ class TestGlanceUtils(CharmTestCase):
            (utils.HAPROXY_CONF, ['haproxy']),
            (utils.HTTPS_APACHE_CONF, ['apache2']),
            (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
            (utils.MEMCACHED_CONF, ['memcached']),
            (utils.GLANCE_POLICY_FILE, ['glance-api', 'glance-registry']),
        ])
@ -177,6 +178,7 @@ class TestGlanceUtils(CharmTestCase):
            (utils.HAPROXY_CONF, ['haproxy']),
            (utils.HTTPS_APACHE_CONF, ['apache2']),
            (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
            (utils.MEMCACHED_CONF, ['memcached']),
            (utils.GLANCE_POLICY_FILE, ['glance-api']),
        ])
@ -200,6 +202,7 @@ class TestGlanceUtils(CharmTestCase):
            (utils.HAPROXY_CONF, ['haproxy']),
            (utils.HTTPS_APACHE_CONF, ['apache2']),
            (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
            (utils.MEMCACHED_CONF, ['memcached']),
            (utils.GLANCE_POLICY_FILE, ['glance-api']),
            ('{}/*'.format(utils.APACHE_SSL_DIR),