Disable trace for all containers running httpd

Trace method is enabled in default for httpd. There is security risk with trace enabled. So disable it in default. more info please check[0]. [0] https://security.stackexchange.com/a/7711 Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362 Closes-Bug: #1705160
2017-07-19 10:52:41 +08:00 · 2017-07-19 10:52:41 +08:00 · f5dd178fc5
parent 4d38340623
commit f5dd178fc5
9 changed files with 18 additions and 0 deletions
--- a/ansible/roles/aodh/templates/wsgi-aodh.conf.j2
+++ b/ansible/roles/aodh/templates/wsgi-aodh.conf.j2
@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ aodh_api_port }}

+TraceEnable off
+
 <VirtualHost *:{{ aodh_api_port }}>

  ## Vhost docroot
--- a/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
+++ b/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ cinder_api_port }}

+TraceEnable off
+
 <VirtualHost *:{{ cinder_api_port }}>
    WSGIDaemonProcess cinder-api processes={{ openstack_service_workers }} threads=1 user=cinder group=cinder display-name=%{GROUP} python-path={{ python_path }}
    WSGIProcessGroup cinder-api
--- a/ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2
+++ b/ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2
@ -2,6 +2,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ freezer_api_port }}

+TraceEnable off
+
 <VirtualHost *:{{ freezer_api_port }}>
    WSGIDaemonProcess freezer-api processes={{ openstack_service_workers }} threads=1 user=freezer display-name=%{GROUP}
    WSGIProcessGroup freezer-api
--- a/ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2
@ -2,6 +2,8 @@
 {% set wsgi_path = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
 Listen {{ api_interface_address }}:{{ gnocchi_api_port }}

+TraceEnable off
+
 <VirtualHost *:{{ gnocchi_api_port }}>

  ErrorLog "/var/log/kolla/gnocchi/gnocchi-api-error.log"
--- a/ansible/roles/horizon/templates/horizon.conf.j2
+++ b/ansible/roles/horizon/templates/horizon.conf.j2
@ -1,6 +1,8 @@
 {% set python_path = '/usr/share/openstack-dashboard' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ horizon_port }}

+TraceEnable off
+
 <VirtualHost *:{{ horizon_port }}>
    LogLevel warn
    ErrorLog /var/log/kolla/horizon/horizon.log
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@ -3,6 +3,8 @@
 Listen {{ api_interface_address }}:{{ keystone_public_port }}
 Listen {{ api_interface_address }}:{{ keystone_admin_port }}

+TraceEnable off
+
 <VirtualHost *:{{ keystone_public_port }}>
    WSGIDaemonProcess keystone-public processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
    WSGIProcessGroup keystone-public
--- a/ansible/roles/nova/templates/placement-api-wsgi.conf.j2
+++ b/ansible/roles/nova/templates/placement-api-wsgi.conf.j2
@ -3,6 +3,8 @@
 {% set wsgi_directory = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
 Listen {{ api_interface_address }}:{{ placement_api_port }}

+TraceEnable off
+
 <VirtualHost *:{{ placement_api_port }}>
    WSGIDaemonProcess placement-api processes={{ openstack_service_workers }} threads=1 user=nova group=nova display-name=%{GROUP} python-path={{ python_path }}
    WSGIProcessGroup placement-api
--- a/ansible/roles/panko/templates/wsgi-panko.conf.j2
+++ b/ansible/roles/panko/templates/wsgi-panko.conf.j2
@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ panko_api_port }}

+TraceEnable off
+
 <VirtualHost *:{{ panko_api_port }}>

  ErrorLog "/var/log/kolla/panko/panko-api-error.log"
--- a/ansible/roles/zun/templates/wsgi-zun.conf.j2
+++ b/ansible/roles/zun/templates/wsgi-zun.conf.j2
@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ zun_api_port }}

+TraceEnable off
+
 <VirtualHost *:{{ zun_api_port }}>

  ## Vhost docroot